HackerOne: GraphQL field on Team node can be used to determine if External Program runs invite-only program
On 19th May, a new parameter policymarkdownhtml was introduced inside the team GraphQL query. Using a GraphQL query, we are able to determine an External Program running privately on HackerOne, as the policymarkdownhtml parameter was able to fetch the private internal policy. Note: Using this parameter, it wa...
Patchwork Cross-Site Scripting Vulnerability
Patchwork is a web-based patch tracking management system. A cross-site scripting vulnerability exists in the template tag in Patchwork versions v1.1 through v2.1.x. The vulnerability stems from the lack of proper validation of client-side data in the web application, and can be exploited by an...
CVE-2019-13122
A Cross-Site Scripting (XSS) vulnerability exists in the template tag used to render message ids in Patchwork v1.1 through v2.1.x. This allows an attacker to insert JavaScript or HTML into the patch detail page via an email sent to a mailing list consumed by Patchwork. This affects the function msg...
ALPINE-CVE-2019-13122
A Cross-Site Scripting (XSS) vulnerability exists in the template tag used to render message ids in Patchwork v1.1 through v2.1.x. This allows an attacker to insert JavaScript or HTML into the patch detail page via an email sent to a mailing list consumed by Patchwork. This affects the function msg...
Cross site scripting
A Cross-Site Scripting (XSS) vulnerability exists in the template tag used to render message ids in Patchwork v1.1 through v2.1.x. This allows an attacker to insert JavaScript or HTML into the patch detail page via an email sent to a mailing list consumed by Patchwork. This affects the function msg...
CVE-2019-13122
Summary: CVE-2019-13122 is a Patchwork XSS in the template tag that renders message IDs (templatetags/patch.py) across Patchwork v1.1–v2.1.x. An attacker can inject JavaScript/HTML into the patch detail page via an email to a mailing list consumed by Patchwork. Affected versions include v2.1.x an...
patchwork-europe.eu XSS vulnerability
Open Bug Bounty ID: OBB-715831. Affected Website: patchwork-europe.eu; Open Bug Bounty Program: Create your bounty program now. It's open and free.; Vulnerable Application: hidden until disclosure; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: ...
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...
APT Group 'Patchwork' Cuts-and-Pastes a Potent Attack
An advanced persistent threat tied to Southeast Asia and the South China Sea is targeting governments and entities around the world including the U.S. The attacks are unique, according to security experts, because the perpetrators are relying nearly 100 percent on computer code copied-and-pasted...
Linux Kernel < 2.6.30.5 cfg80211 Remote Denial of Service Exploit
No description provided by source. / cfg80211-remote-dos.c Linux Kernel 2.6.30.5 cfg80211 Remote DoS Jon Oberheide [email protected] http://jon.oberheide.org Information: http://patchwork.kernel.org/patch/41218/ These pointers can be NULL, the ismesh case isn't ever hit in the current kernel, but...