2 matches found
shop.falter.at Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1062682 Security Researcher Hackerclaus Helped patch 69 vulnerabilities Received 3 Coordinated Disclosure badges Received 1 recommendations , a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting shop.falter.at website an...
CVE-2018-13865
The CVE concerns idreamsoft iCMS 7.0.9. A cross-site scripting (XSS) flaw exists via the callback parameter in the public/api.php uploadpic endpoint, which bypasses the iWAF protection mechanism. This configuration allows arbitrary script execution in contexts relying on the affected API. No expl...