2 matches found
CVE-2020-27179
konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens...
New Relic: CSTI at Plugin page leading to active stored XSS (Publisher name)
Hey team, I have discovered the CSTI vulnerability at NR single Plugin page leading to stored XSS. To plant the payload you need to publish new plugin using account having the payload inside its name. Below I show you the easiest way to reproduce this using a python script which creates the new...