5 matches found
EUVD-2026-34896
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue...
PT-2026-47028
Name of the Vulnerable Software and Affected Versions: HAX CMS versions 2.0.0 through 25.x
Description: The gitlist plugin is exposed to unauthenticated users, which allows them to browse git repositories and git history without authentication.
Recommendations: Update to version 26.0.0...
MAL-2022-4584 Malicious code in microsites-ui-hudsons-bay-french (npm)
Source: ghsa-malware 7f8b6caf462a3c8193a3f1c66618c94f57d38dfc92779cb3f4deb90f0059ac12
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Uber: Reflected XSS and sensitive data exposure, including payment details, on lioncityrentals.com.sg
lioncityrentals.com.sg employed a WordPress installation that possessed a vulnerable plugin, Formidable Forms, which was vulnerable to reflected XSS, and exposed sensitive form data. Thanks again for the report, @healdb! This was the first bug I ever found that exposed a large amount of PII, than...
signaturetravelnetwork.com XSS vulnerability
Vulnerable URL: http://www.signaturetravelnetwork.com/microsites/index.cfm?action=1="%3E%3Csvg/onload=confirmOPENBUGBOUNTY%3E//y"xz=id=x

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed

Alexa...