5 matches found
EUVD-2020-26379
Malware in sbrugna...
Server Side Request Forgery (SSRF)
@strapi/admin is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of webhook URLs, allowing requests to internal domains such as localhost and 127.0.0.1...
Reddit: Exposed proxy allows to access internal reddit domains
An exposed proxy at 52.90.28.77:30920 was found to allow access to internal reddit domains, such as snoo.dev, which were used by Reddit employees...
Paymoney 3.3 Cross Site Scripting Vulnerability
Title: paymoney-3.3 XSS-Reflected Author: nu11secur1ty Vendor: https://paymoney.techvill.org/ Software: paymoney-3.3 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/paymoney/2022/paymoney-3.3 Description: The parameters firstname and lastname in Users are vulnerable...
Server-Side Request Forgery (SSRF)
rendertron is vulnerable to server-side request forgery (SSRF). The vulnerability exists because it allows headless Chrome to access internal domains, forcing the rendertron headless Chrome process to render internal sites and display the response as a screenshot...