2 matches found
CVE-2026-48518
Affected software: MultiJuicer (versions 8.0.0–10.0.0) running on a central Kubernetes deployment. Vulnerability: CSRF in the team join endpoint (POST /multi-juicer/api/teams/{team}/join) that accepts any Content-Type, bypassing CORS preflight and enabling a cross-site form to force a victim to j...
CVE-2020-5290 session fixation in rCTF
In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the token=$ssid hash when making a request to the /verify endpoint. An attacker team could potentially steal flags by, for example, exploiting a stored XSS payload in a CTF challenge so that victim...