152 matches found
CVE-2022-4055
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attac...
urlaub-und-kurzreisen.de Cross Site Scripting vulnerability OBB-2717721
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Advanced Admin Search < 1.1.6 - Reflected Cross-Site Scripting
The plugin does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting. Affected parameters: keyword, user, metaKey, and metaValue https://example.com/wp-admin/admin.php?page=advanced-admin-search&keyword="...
Flexi - Guest Submit < 4.20 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting Open the following URL when authenticated as any user: https://example.com/user-dashboard/?search=keyword:...
CVE-2021-29492
Envoy versions up to 1.18.2 contain a URL-path decoding flaw: escaped slashes (%2F, %5C) are not decoded, allowing an attacker to craft paths like /something%2F..%2Fadmin to bypass access controls and escalate privileges when RBAC/JWT filters enforce path-based policies. This can let a backend se...
Sifchain: Session Token in URL
Hello Sifchain Finance Team - Greetings to you! Hope you are well and safe. MAIN URL - https://sifchain.finance/master/ URL That has to be fixed -...
WordPress GiveWP 2.9.7 Cross Site Scripting
Exploit Title: GiveWP 2.9.7 Reflected Cross-Site Scripting Date: 3/23/2021 Exploit Author: Austin Bentley Vendor Homepage: https://givewp.com/ Software Link: https://wordpress.org/plugins/give/ Version: 2.9.7 Tested on: Windows 7 CVE: CVE-2021-24213 Exploitation requirements: Admin must visit...
Apartment Visitors Management System 1.0 - Authentication Bypass
Exploit Title: Apartment Visitors Management System 1.0 - Authentication Bypass Date: 2020-12-24 Exploit Author: Kshitiz Rajmanitorpotterk Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link:...
corporate.xoxochef.in Cross Site Scripting vulnerability OBB-1365792
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Embedded Crowd passes sensitive paramaters in the URL when adding a new or editing an existing user directory.
h3. Issue Summary While adding a new directory or editing an existing one the embedded crowd passes directoryId, xsrfTokenName and xsrfTokenValue parameters to the URL. h3. Environment Bitbucket 6.9.X, 7.4.X, 7.5.X, 7.6.X h3. Steps to Reproduce In Bitbucket navigate to Gear Icon User Directories;...
woodstockfarmersmarket.com Improper Access Control vulnerability OBB-1320079
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
nurse-senka.jp Cross Site Scripting vulnerability OBB-1265805
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
doc.cgal.org Improper Access Control vulnerability OBB-1240092
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
biopp.univ-montp2.fr Improper Access Control vulnerability OBB-1207208
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
wasteconcern.com Cross Site Scripting vulnerability OBB-1194147
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
industrialworld.com Improper Access Control vulnerability OBB-1193318
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
hakanpettersson.se Cross Site Scripting vulnerability OBB-1191333
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
comune.miglianico.ch.it Cross Site Scripting vulnerability OBB-1155990
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
omanairports.co.om Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1129275 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
proakademija.si Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1040636 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...