EUVD-2026-34896
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue...
PT-2026-47028
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue...
MAL-2022-4584 Malicious code in microsites-ui-hudsons-bay-french (npm)
Source: ghsa-malware 7f8b6caf462a3c8193a3f1c66618c94f57d38dfc92779cb3f4deb90f0059ac12 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Uber: Reflected XSS and sensitive data exposure, including payment details, on lioncityrentals.com.sg
lioncityrentals.com.sg employed a WordPress installation that possessed a vulnerable plugin, Formidable Forms, which was vulnerable to reflected XSS, and exposed sensitive form data. Thanks again for the report, @healdb! This was the first bug I ever found that exposed a large amount of PII, than...
signaturetravelnetwork.com XSS vulnerability
Vulnerable URL: http://www.signaturetravelnetwork.com/microsites/index.cfm?action=1="%3E%3Csvg/onload=confirmOPENBUGBOUNTY%3E//y"xz=id=x

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa...