3 matches found
archives.polemia.com Cross Site Scripting vulnerability OBB-3936863
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kultura365.cz Cross Site Scripting vulnerability OBB-3936768
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
H5P < 1.15.8 - Contributor+ Stored XSS
Description The plugin does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues 1. Upload an H5P archive containing a malicious SVG file w/an XSS 2. Example:...