2 matches found
Openfolio: xss in /browse/contacts/
Hey guys, I just found an XSS in Openfolio. I just created a contact in Google with name as " and gave an email as a random URL https://www.google.com/contacts/u/0/contact/new then I synced Openfolio with Google Contacts, then I went here https://openfolio.com/browse/contacts/ then I clicked on invit...
Openfolio: Options Method Enabled
Vuln Details: Domain: https://openfolio.com/ I detected that the OPTIONS method is allowed. Impact: Information disclosed from this page can be used to gain additional information about the target system. Remedy: Disable the OPTIONS method in all production systems. POC: Request: OPTIONS /signup/ HTTP/1.1...