5 matches found
CVE-2023-6142
Dev blog v1.0 allows an XSS to be exploited through an unrestricted file upload combined with low entropy in filenames. With this, an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim...
CVE-2023-6142 Dev Blog v1.0 - Stored XSS
Dev blog v1.0 allows an XSS to be exploited through an unrestricted file upload combined with low entropy in filenames. With this, an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim...
CVE-2023-6142
Dev Blog v1.0 is affected by an XSS vulnerability triggered via an unrestricted file upload with poor filename entropy. An attacker can upload a malicious HTML file and then guess the filename to deliver it to a victim. Affected component: Dev Blog (Node.js/Express/MongoDB) v1.0; root cause: lack...
CVE-2023-6144 Dev Blog v1.0 - ATO
Dev blog v1.0 allows an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username...
PT-2023-32542 · Dev Blog · Dev Blog
Name of the Vulnerable Software and Affected Versions: Dev blog version 1.0 Description: The issue allows for an account takeover through the user cookie, enabling an attacker to access any user's session by knowing their username. Recommendations: For Dev blog version 1.0, consider disabling the...