Lucene search
+L

320 matches found

Hacker One
Hacker One
added 2024/07/22 7:44 a.m.34 views

U.S. Dept Of Defense: XSS on ███████

The report describes an XSS vulnerability found on the ████████ website. The vulnerability was triggered by visiting a specific URL with a crafted parameter. The impact of the vulnerability was that it could allow an attacker to execute arbitrary JavaScript code in the victim's browser...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2024/07/06 9:57 a.m.25 views

U.S. Dept Of Defense: Cross Site Scripting

The researchers discovered a cross-site scripting XSS vulnerability on the www.███.██████████ website. The vulnerability was found to only work in the Firefox browser. The affected product and version were not specified. No CVE numbers were provided. The vulnerability allowed for the execution of...

6AI score
Exploits0
Hacker One
Hacker One
added 2024/04/25 3:55 p.m.66 views

U.S. Dept Of Defense: reflected xss [CVE-2020-3580]

The application was vulnerable to cross-site scripting XSS due to insufficient input validation. This allowed an attacker to inject malicious scripts that could be executed in the victim's browser...

6.1CVSS5.9AI score0.85439EPSS
Exploits2
Hacker One
Hacker One
added 2024/03/31 2:54 a.m.8 views

U.S. Dept Of Defense: Missing Access Control Allows for User Creation and Privilege Escalation

The RSI Test Environment application had a vulnerability that allowed unauthenticated users to create new user accounts and grant them administrator privileges. This provided unauthorized access to restricted information and documents within the application...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2024/03/08 1:52 p.m.24 views

U.S. Dept Of Defense: CVE-2021-39226 Discovered on endpoint https://██████/api/snapshots

CVE-2021-39226 was discovered in Grafana, where authenticated and unauthenticated users were able to view and delete snapshots by accessing specific endpoints. The vulnerability allowed for unauthorized access and deletion of snapshot data...

9.8CVSS8.2AI score0.99888EPSS
Exploits1
Hacker One
Hacker One
added 2024/02/11 6:3 p.m.28 views

U.S. Dept Of Defense: DBMS information getting exposed publicly on -- [ ██████████ ]

A public file was found that exposed sensitive data from the website's database, including hashed user information and other configuration details. The file contained SQL statements that could be used to access the database, potentially revealing confidential data...

7.3AI score
Exploits0
Hacker One
Hacker One
added 2024/02/02 9:16 p.m.26 views

U.S. Dept Of Defense: Xss - ███

The parameter 'goal1Costs' was vulnerable to cross-site scripting XSS attack. The vulnerability allowed the attacker to inject malicious JavaScript code into the application, which could be executed by the users viewing the report...

5.9AI score
Exploits0
Hacker One
Hacker One
added 2024/02/02 8:13 p.m.29 views

U.S. Dept Of Defense: Xss Parameter: /<s>/[*]/<s>.css ████████

The request included a cross-site scripting XSS vulnerability in the parameter /\u003cs\u003e//\u003cs\u003e.css. The vulnerability was triggered by including malicious code in the request, which could have been executed when the request was processed...

6.1AI score
Exploits0
Hacker One
Hacker One
added 2024/01/25 1:29 p.m.39 views

U.S. Dept Of Defense: Improper Authentication (Login without Registration with any user) at ████

The ████ system was vulnerable to an improper authentication issue. Attackers could log in as any user without registration by exploiting the signin parameter in the ██████████ endpoint. This allowed them to authenticate and change the session of a victim to any other user...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2024/01/11 8:35 p.m.22 views

U.S. Dept Of Defense: Full Access to sonarQube and Docker

The vulnerability involved the exposure of sensitive credentials and IP addresses in a JavaScript file. The researcher gained access to the organization's Hub Docker account and Sonar projects, allowing them to identify and assess the issue. The vulnerability was caused by a JavaScript file withi...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2024/01/11 2:48 p.m.50 views

U.S. Dept Of Defense: Time based SQL injection at████████

A time based SQL injection vulnerability was found in the /pubs/index.php endpoint on ██████. The 'years' and 'authors' parameters were vulnerable, allowing time delays to be introduced in database queries. This could have led to sensitive data exfiltration from the database. The issue could be...

7.9AI score
Exploits0
Hacker One
Hacker One
added 2023/11/23 12:30 p.m.26 views

U.S. Dept Of Defense: Default Admin Username and Password on ███

A vulnerability was found where default administrator credentials could be used to access an application. This could have allowed unauthorized access...

7AI score
Exploits0
Hacker One
Hacker One
added 2023/10/29 4:51 p.m.23 views

U.S. Dept Of Defense: Elasticsearch is currently open without authentication on https://██████l

An Elasticsearch instance accessible at https://██████l was found to be open without authentication, exposing data to unauthorized access. The vulnerability allowed listing and extraction of sensitive data stored in the Elasticsearch indexes. To mitigate, authentication and authorization controls...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2023/10/22 8:58 p.m.112 views

U.S. Dept Of Defense: Reflected XSS via Keycloak on ███ [CVE-2021-20323]

The Keycloak 8.0 and prior versions contained a cross-site scripting vulnerability. An attacker could have executed arbitrary script by inserting a malicious payload in the path of a POST request to the /auth/realms/master/clients-registrations/openid-connect endpoint. This allowed the server to...

6.1CVSS5.8AI score0.37246EPSS
Exploits3
Hacker One
Hacker One
added 2023/10/03 12:6 p.m.41 views

U.S. Dept Of Defense: User automatically logged in as Sys Admin user on https://███/Administration/Administration.aspx

A vulnerability was discovered where any user could be automatically logged in as a system administrator on a web application. This allowed unrestricted access and privileges could be abused to modify user privileges, add or delete users, and upload files, jeopardizing the integrity of the...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2023/09/24 2:11 p.m.13 views

U.S. Dept Of Defense: Unauthenticated Jenkins instance exposed information related to █████

Vulnerability description not provided...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2023/07/24 6:24 p.m.90 views

U.S. Dept Of Defense: Adobe ColdFusion - Access Control Bypass [CVE-2023-38205] at ██████

An access control bypass vulnerability was discovered in Adobe ColdFusion, allowing attackers to bypass the restriction on external access to the ColdFusion Administrator...

7.5CVSS7.5AI score0.99732EPSS
Exploits0
Hacker One
Hacker One
added 2023/07/24 6:51 a.m.43 views

U.S. Dept Of Defense: Blind Sql Injection in https://█████/qsSearch.aspx

A blind SQL injection vulnerability was discovered in the qsSearch.aspx page of the application. An attacker could exploit this vulnerability to bypass authentication and retrieve sensitive information from the database. The vulnerability has been mitigated by implementing appropriate security...

7.9AI score
Exploits0
Hacker One
Hacker One
added 2023/07/01 3:41 a.m.53 views

U.S. Dept Of Defense: CVE-2023-24488 xss on https://██████/

Vulnerability description not provided...

6.1CVSS6.2AI score0.80907EPSS
Exploits3
Hacker One
Hacker One
added 2023/06/10 9:32 a.m.58 views

U.S. Dept Of Defense: Blind Sql Injection https:/████████

A blind SQL injection vulnerability was discovered on a website, allowing an attacker to execute arbitrary SQL commands...

8.6AI score
Exploits0
Rows per page
Query Builder