26 matches found
CVE-2025-48996 Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint
HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...
docstudentprofiles.gse.upenn.edu Cross Site Scripting vulnerability OBB-3864161
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
pennemblem.com Improper Access Control vulnerability OBB-3808305
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
pennemblem.com Improper Access Control vulnerability OBB-2425541
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
penn.museum Cross Site Scripting vulnerability OBB-2345671
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
penn-elcom.com Cross Site Scripting vulnerability OBB-2218156
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
pennpowergroup.com Improper Access Control vulnerability OBB-2204868
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
penn.museum Cross Site Scripting vulnerability OBB-1475663
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
penn.museum Cross Site Scripting vulnerability OBB-1453250
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
penn.museum Cross Site Scripting vulnerability OBB-1444138
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
penn.cps.edu Cross Site Scripting vulnerability OBB-1333803
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
penn.museum Cross Site Scripting vulnerability OBB-1214233
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
eastpennmanufacturing.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1038158. Security researcher tester19 (helped patch 12 vulnerabilities; received 1 Coordinated Disclosure badge; received 2 recommendations), a holder of 1 badge for responsible and coordinated disclosure, found a security vulnerability affecting eastpennmanufacturing.com...
hmc.pennstatehealth.org XSS vulnerability
Open Bug Bounty ID: OBB-674332

Description | Value
---|---
Affected Website: | hmc.pennstatehealth.org
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
childrens.pennstatehealth.org XSS vulnerability
Open Bug Bounty ID: OBB-674333

Description | Value
---|---
Affected Website: | childrens.pennstatehealth.org
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
penn-dutch.com XSS vulnerability
Open Bug Bounty ID: OBB-647811

Description | Value
---|---
Affected Website: | penn-dutch.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
worldcampus.psu.edu XSS vulnerability
Open Bug Bounty ID: OBB-639659

Description | Value
---|---
Affected Website: | worldcampus.psu.edu
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
interventionamerica.org XSS vulnerability
Open Bug Bounty ID: OBB-556349

Description | Value
---|---
Affected Website: | interventionamerica.org
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
middevonadvertiser.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-556343

Description | Value
---|---
Affected Website: | middevonadvertiser.co.uk
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
community.pennfoster.edu XSS vulnerability
Vulnerable URL: https://community.pennfoster.edu/blogs/MercedesRuiz/tags?tags=%22%3E%3C/option%3E%3C%20/select%3E%3Cbody/onpageshow=prompt%28%29%3E%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 30.11.2017
Vulnerability...