BIT-MOODLE-2021-47857 Moodle 3.10.3 - 'label' Persistent Cross Site Scripting

Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the...

Grav CMS cross-site scripting vulnerability

Grav CMS is an open-source file-based content management system developed by Grav. Grav CMS 1.9.18 contains a cross-site scripting vulnerability; this vulnerability stems from a persistent cross-site scripting in the page title field, which may allow for the execution of malicious scripts...

CVE-2022-22691 Umbraco Password Reset URL Poison

The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset...

How A Bug Hunter Forced Apple to Completely Remove A Newly Launched Feature

Recently Apple released a new Feature for iPhone and iPad users, but it was so buggy that the company had no option other than rolling back the feature completely. In November, Apple introduced a new App Store feature, dubbed "Notify" button — a bright orange button that users can click if they...

BlinkSale Bug Bounty #1 - Encode & Validation Vulnerability

Document Title: =============== BlinkSale Bug Bounty 1 - Encode & Validation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1416 Release Date: ============= 2015-02-06 Vulnerability Laboratory ID VL-ID: ====================================...