3 matches found
Cross-site Scripting (XSS) - Stored in phoronix-test-suite/phoronix-test-suite
Description Hi there phoronix test suite maintainer team. There is a stored XSS in phoronix-test-suite source code. This is in group name. Proof of Concept 1. Install a local instance of phoronix test suite 2. Create an account and log in, then create a group with name . Note that you cannot crea...
Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot
Title XSS in markdown link-maker Description While chatting with a client, both sides may use markdown. However, neither client's nor Chatwoot inner user's input is verified. Steps to reproduce. Note: this works in Safari and Firefox, not Chrome. I will use Telegram bot. 1. Start a conversatio...
Dropcontact: User registration using public domain email like gmail in place of professional email.
Like said in the title, we were only checking and restricting professional email in frontend, which led to being able to register with an email which is not pro because we were not checking this info in the backend. User was able to register with public domain email like gmail by response...