Libredesk has Improper Neutralization of HTML Tags in a Web Page

Summary LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the request and removing the tag, an attacker can inject arbitrary HTML element...

Patika Global HumanSuite 安全漏洞

Patika Global HumanSuite is a human resource management platform from Patika Global, Turkey. A security vulnerability exists in Patika Global HumanSuite versions prior to 53.21.0, which stems from a user-controllable key leading to authorization bypass and improper authorization, which could be...