4 matches found
PT-2023-21294 · Sucms · Sucms
Name of the Vulnerable Software and Affected Versions: Sucms version 1.0
Description: A problematic issue has been found, affecting some unknown functionality of the file "admin ads.php?action=add". The manipulation of the intro argument leads to cross-site scripting. The attack may be launched...
TikTok: 1 Click to 'Close Account and Refund' via POSTMESSAGE
A vulnerability was reported where a TikTok Ads endpoint sending postmessages sent POST requests without proper origin checks. This could have enabled a cross-site request forgery (CSRF) attack to force users to send malicious POST requests. The vulnerability was reported through responsible...
TikTok: Reflected XSS on ads.tiktok.com using `from` parameter.
An XSS (cross-site scripting) vulnerability was found on a TikTok ads endpoint using the "from" parameter. We thank @imrannisar for reporting this to our team and confirming its resolution...
TikTok: CORS bypass on TikTok Ads Endpoint
An endpoint used by the TikTok Ads portal was vulnerable to a CORS bypass, therefore potentially allowing an attacker to access information about tickets opened if the user were to click on a malicious link. We thank @sniper302 for reporting this to our team and confirming the resolution!...