27 matches found
CVE-2025-4072
creationtimestamp| type| source ---|---|--- 2025-04-29 17:11:57+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13865 2025-04-29 19:50:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lny2ikvfey22 2025-04-29 21:01:18+00:00| seen|...
eatonfuneralhome.ca Cross Site Scripting vulnerability OBB-3924950
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
herbnlife.co Cross Site Scripting vulnerability OBB-3924924
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
vakantiegriekenland.nl Improper Access Control vulnerability OBB-3924880
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Analytify Plugin <= 5.2.3 is vulnerable to Broken Access Control
Software Analytify Type Plugin Vulnerable versions = 5.2.3 Fixed in 5.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1584 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 5e5adc4ec40e Credits Francesco Carlucci Required privileg...
LiveJournal Shortcode <= 1.1.1 - Contributor+ Stored XSS via Shortcode
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Add this shortcode to a page...
LiveJournal Shortcode <= 1.1.1 - Contributor+ Stored XSS via Shortcode
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Add this shortcode to a page: lj...
MF Gig Calendar <= 1.2.1 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "MF Gig Calendar Settings" 2...
Crelly Slider <= 1.4.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Crelly Slider" 2. Add a slid...
Fancy Product Designer < 6.1.81 - Admin+ Cross Site Scripting
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to:...
hagemeyer.net Cross Site Scripting vulnerability OBB-3280611
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
tommyunitlive.realpunkradio.com Cross Site Scripting vulnerability OBB-3280134
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
odiexperts.com Cross Site Scripting vulnerability OBB-3279986
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
newketofatblaster.com Cross Site Scripting vulnerability OBB-3279974
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
moshavereh.ugy.ir Cross Site Scripting vulnerability OBB-3279958
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
verfenbehangoutlet.nl Cross Site Scripting vulnerability OBB-2575811
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
chapasperona.com Improper Access Control vulnerability OBB-2573691
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
demonpowersports.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1152800 Security Researcher DkilerS2 Helped patch 106 vulnerabilities Received 4 Coordinated Disclosure badges Received 8 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting demonpowersports.com websit...
immocasainn.ch Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1152749 Security Researcher DkilerS2 Helped patch 112 vulnerabilities Received 4 Coordinated Disclosure badges Received 8 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting immocasainn.ch website and...
splitcoaststampers.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1152461 Security Researcher Dipu1A Helped patch 998 vulnerabilities Received 5 Coordinated Disclosure badges Received 22 recommendations , a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting splitcoaststampers.com websi...