2 matches found
LocalTapiola: Blind Stored XSS Against Lahitapiola Employees - Session and Information leakage
Hi, I am pretty sure that I found a vulnerability similar to https://hackerone.com/reports/135154. An adversary can use the "Lähetä viesti"-functionality of the LähiTapiola Asiakassalkku to send a malicious file. When the customer service opens the file, an XSS will execute and will leak user IP...
LocalTapiola: Cookie-based client-side denial-of-service to all of the Lähitapiola domains
Cookie-based client-side denial-of-service to all of the Lähitapiola domains Time of detection: 23.2.2016 03:00-04:00 Affected URL: https://www.lahitapiola.fi/cs/Satellite?pagename=LahiTapiola/LTStatus&cookieName=selectedArea&cookieValue=1&backurl=http://www.lahitapiola.fi Description: After the...