4 matches found
CVE-2023-25573
MeterSphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This...
MeterSphere Cross-Site Scripting Vulnerability
MeterSphere is an open source one-stop continuous testing platform. Versions of MeterSphere before 1.10.1-lts have a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data; an attacker c...
LuckyFrame SQL Injection Vulnerability
LuckyFrame is a free and open source testing platform. A security vulnerability exists in LuckyFrame v3.5, which originates from a SQL injection vulnerability in the dataScope parameter in /system/DeptMapper.xml...
Mature Your Threat Hunting by Testing Your Visibility
Threat hunting starts with a hypothesis. Without a hypothesis, you’re just combing through log files - and that isn’t threat hunting. Once you have a hypothesis, you can begin your search, but you won’t always find a hacker. Testing, like the open source tests available from Red Canary’s Atomic R...