7 matches found
EUVD-2022-24669
Malicious code in bioql PyPI...
CVE-2022-1347
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation...
CVE-2022-1347 Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in causefx/organizr
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation...
CVE-2022-1347 Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in causefx/organizr
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation...
Stored XSS due to no sanitization in the filename
Description: The Organizr application doesn't sanitize malicious JavaScript payloads, which leads to stored XSS and can also lead to takeover of the admin account. Proof of Concept: 1. Log in with a Co-admin account, go to "Settings" - "Image Manager", upload any small-size JPEG image and intercept...
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users
Description: The application Organizr allows malicious JavaScript in the "Username" & "Email" input fields, with which an attacker is able to take over the accounts of Admin & Co-admin users. Proof of Concept: 1. During "Signup" put the below payloads in the "Username" & "Email" input fields. 2. Now ru...
CVE-2009-5068
There is a file disclosure vulnerability in SMF Simple Machines Forum affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesyste...