Razer: IDOR in eform.molpay.com leads to see other users application forms with private data

The tester discovered an IDOR which could allow an adversary to view the application form data of another user's application form given knowledge of the application ID. He worked with Triage to provide a working PoC. Razer Fintech appreciates the report to help keep customer data secure...

Razer: Reflected XSS in eform.molpay.com

The tester discovered a reflected XSS on eform.molpay.com. This was fixed in production on Feb 12. Razer Fintech thanks the tester for his diligence and clear PoC...