
Huntr, added 2023/07/01 2:48 p.m., 22 views

attackers with role "USER" can create tags

Description: It seems that users with the role "USER" have no permission to create tags, but we do not enforce it. Other operations, like edit and delete, have no problem. Proof of Concept: pull the latest docker and set up answer. 1 create a user with name "normaluser", whose role is "USER" 2 admin...

CVSS 4, AI score 6.7, EPSS 0.00181
Exploits 1
Huntr, added 2023/04/17 8:51 a.m., 15 views

attackers can change the immutable name and type of cluster

Proof of Concept: 1 admin creates a cluster 2 admin adds user1 as one owner 3 attacker logs in as user1 4 user1 edits the cluster 5 user1 finds that the name and type cannot be changed 6 user1 still edits the cluster and uses Burp Suite to hijack the request 7 the request content can be like...

CVSS 5, AI score 6.9, EPSS 0.00634
Exploits 0
Huntr, added 2023/03/23 10:39 a.m., 13 views

ProjectID is disclosed and can be used for IDOR attack

I find that when we click the "Settings" button, we can see all the projects, even if the logged-in user does not belong to the project. Using Burp Suite to hijack the request, we can obtain project IDs. We can use a project ID to perform an IDOR attack. 1 create two projects: project1 and project2, and their admin is...

CVSS 2.8, AI score 6.8, EPSS 0.00225
Exploits 1
Huntr, added 2023/03/22 6:44 a.m., 5 views

IDOR vulnerability allows the owner of one organization to edit, delete and reset the password of users that belong to another organization

1 first, we create two organizations: org1 and org2. Their owners are user1 and user2 respectively. 2 we log in as user1 and reset its own password. 3 using Burp Suite to hijack the post. 4 The post can be like: PUT...

AI score 6.6
Exploits 0
Huntr, added 2022/09/02 9:52 a.m., 23 views

Reflected XSS via POST

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a differen...

CVSS 5.8, AI score 6, EPSS 0.00807
Exploits 1, References 3
Hacker One, added 2018/07/17 2:32 p.m., 86 views

Semrush: Stored XSS in '' Section and WAF Bypass

Summary: Stored Cross-Site Scripting (XSS) is the most dangerous type of Cross-Site Scripting. Web applications that allow users to store data are potentially exposed to this type of attack. Stored XSS occurs when a web application gathers input from a user which might be malicious, and then stores...

AI score 5.7
Exploits 0