Visma Public: HTML-injection in PDF-export leads to LFI
The researcher was able to extract the contents of files using the PDF generator in "Yearly Financial Statements". This was done by adding an IFRAME tag inside the company name. Once rendered in Yearly Financial Statements, it included the file the IFRAME was pointing to. In this PoC it was /etc/passw...
UniCredit Bank Cross Site Request Forgery / Cross Site Scripting / Shell Upload
UNICREDITBANK Cross Site Scripting & Dom Based / File Upload / form without CSRF protection TIME-LINE...