api.cabocom.net Cross Site Scripting vulnerability OBB-2533859
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
4.base.maps.api.here.com Cross Site Scripting vulnerability OBB-2522069
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
api.bolinko.com Cross Site Scripting vulnerability OBB-2513679
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Is API Security on Your Radar?
With the growth in digital transformation, the API management market is set to grow by more than 30% by the year 2025 as more businesses build web APIs and consumers grow to rely on them for everything from mobile apps to customized digital services. As part of strategic business planning, an API...
Command Injection Vulnerability with Mercurial in VCS
URLs and local file paths passed to the Mercurial hg APIs that are specially crafted can contain commands which are executed by Mercurial if it is installed on the host operating system. The vcs package uses the underlying version control system, in this case hg, to implement the needed functionalit...
GHSA-6635-C626-VJ4R Command Injection Vulnerability with Mercurial in VCS
URLs and local file paths passed to the Mercurial hg APIs that are specially crafted can contain commands which are executed by Mercurial if it is installed on the host operating system. The vcs package uses the underlying version control system, in this case hg, to implement the needed functionalit...
OSS API Firewall Unveils new Feature: Blacklist for Compromised API Tokens and Cookies
Discovering and securing any API is one of the most difficult challenges for developers. The API security landscape is constantly evolving, with new threats and vulnerabilities emerging at a rapid pace. Since commercial API security solutions can be really expensive for organizations, it's never...
API Gateway or not, You Need API Security
To build and deploy apps in a fast-paced, iterative process, cloud-native developers in organizations on the digital transformation journey rely on APIs for communication. With at least 90% of developers using APIs in cloud-native web application development, organizations are reviewing their API...
A Search for API Security in the Operator’s Tool Box
Much has been written about modern application security tools and solutions from the provider’s perspective about their functionality and security features. When I was asked to write a blog about API Gateways and API Security, I felt it may be more useful to think about the subject from the user’...
stored xss in uploaded photo checkbox
Description: XSS code injection is possible in the endpoint "/api/savemedia", which accepts the parameter "src"; if "%22onclick=%22alert'helo js executed';" is appended and the request is sent, the XSS alert executes when the checkbox of the uploaded blank photo is clicked. Proof of Concept 1. login as admin 2. open websit...
CVE-2022-26500
CVE-2022-26500 affects Veeam Backup & Replication and relates to an improper limitation of path names in internal API functions, enabling a remote, authenticated user to upload and execute arbitrary code. Affected product range includes 9.5U3/U4, 10.x, and 11.x. The root cause is exposure of inte...
How Web Applications Are Attacked Through APIs
Happy Pi Day, everyone! To a technician, pi is a number that represents a constant. This constant reflects the ongoing cyberthreats that put enterprise assets at continuous risk as digital transformation and the resultant attack surface grow in parallel. Whether it's a simple identity theft hack...
CVE-2021-42857
The CVE-2021-42857 issue affects SteelCentral AppInternals Dynamic Sampling Agent (DSA) – AgentDaServlet. Affected component: the API at /api/appInternals/1.0/agent/da/pcf. Root cause: input in this endpoint is not validated, enabling directory traversal and potential injection of malicious paylo...
CVE-2021-42786
CVE-2021-42786 affects SteelCentral AppInternals Dynamic Sampling Agent (DSA). The vulnerability enables remote code execution via multiple API request paths, caused by insufficient input validation of user data (notably at the AgentControllerServlet). Documented as a high-severity issue (CVSSv3....
api.de Cross Site Scripting vulnerability OBB-2418346
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Imperva Ships API Security Providing Continuous API Discovery and Data Classification with Two Deployment Models
Every day, organizations are challenged to bring products to market faster and out innovate their competition. At the heart of many digital transformation initiatives are development teams looking for ways to achieve initiatives and deliver on new product goals. Many of these teams openly embrace...
Security Assessor – Job Description and How to Become
Introduction It takes a great deal of work to become a QSA and to keep your certification. In truth, there is a long list of standards to meet in order to be considered. What is a Cyber security control assessor? The Security Control Assessor (SCA) is cybersecurity personnel who use security testi...
api.layar3.com Cross Site Scripting vulnerability OBB-2369369
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
api.tokyolife.vn Cross Site Scripting vulnerability OBB-2368892
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-24124
Casdoor prior to 1.13.1 is affected by an unauthenticated SQL injection in the query API (api/get-organizations) via the field and value parameters. The Nuclei template and related proofs indicate an unauthenticated remote injection that can dump database information and potentially lead to data ...