2 matches found
CVE-2022-23637
K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting XSS vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked,...
Showmax: Stored blind xss on showmax support team
This report describes a phishing attack. It was performed through html injection into 3rd party chat application and a bit of social engineering. The merit of the attack was in providing html code which was then executed on the support agent side. The code was able to retrieve some cookies and lu...