Lucene search
K

28 matches found

Huntr
Huntr
added 2022/02/14 4:58 a.m.16 views

Improper Authorization in chocobozzz/peertube

Description The app doesn't check the status of video when making data changes. Normal users can create new comment or reply comment in private videos. Proof of Concept note: I'm using instance p.lu for testing - Step 1: Login as video test1 and upload private video. Get video ID of private video...

5.5CVSS5.4AI score0.00667EPSS
Exploits1
Huntr
Huntr
added 2022/01/30 3:7 a.m.15 views

Improper Privilege Management in liangliangyy/djangoblog

Description Hi there, I would like to report an improper privilege management vulnerability in djangoblog source code. This would allow an attacker to create comment on behalf of anyone. Proof of Concept 1. Install a local instance of djangoblog, login as admin and create an article 2. Create a n...

0.6AI score
Exploits0
OSV
OSV
added 2020/05/07 9:15 p.m.13 views

CVE-2020-11055

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users viewing the...

5.4CVSS5.3AI score
Exploits0References4
NVD
NVD
added 2020/05/07 9:15 p.m.44 views

CVE-2020-11055

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users viewing the...

6.3CVSS6AI score0.00782EPSS
Exploits0References4
Prion
Prion
added 2020/05/07 9:15 p.m.16 views

Cross site scripting

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users viewing the...

3.5CVSS5.1AI score0.00782EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2020/05/07 8:40 p.m.52 views

CVE-2020-11055 Cross-site Scripting in BookStack

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users viewing the...

6.3CVSS6AI score0.00782EPSS
Exploits0References4
CVE
CVE
added 2020/05/07 8:40 p.m.104 views

CVE-2020-11055

BookStack versions >= 0.18.0 and

6.3CVSS5.3AI score0.00782EPSS
Exploits0References4Affected Software1
Hacker One
Hacker One
added 2015/12/19 3:6 p.m.16 views

HackerOne: Team Member███ associated with a Custom Group Created with 'Program Managment' only permissions can Comments on Bug Reports

Hi Team, Legend ====== AppSecBounty = Bug ProgramSandbox Program Hacker1001 = Bug Reporter BugAdmin = Program Admin BugMember = Team Member associated ProgramManagement Group ProgramManagement Group = Custom Group created with "Program Management Permission" Steps: 1. Hacker1001 reports a Bug to...

6.8AI score
Exploits0
Rows per page
Query Builder