4 matches found
Ghost CMS <=4.32 - Cross-Site Scripting
Ghost CMS 4.0.0 to 4.3.2 contains a DOM cross-site scripting vulnerability. An unused endpoint added during the development of 4.0.0 allows attackers to gain access by getting logged-in users to click a link containing malicious code. id: CVE-2021-29484 info: name: Ghost CMS <=4.32 - Cross-Site...
Upgraded Q -> M from 270 [1657580270573]
Judge has assessed an item in Issue 270 as Medium risk. The relevant finding follows: 6.L- Admin config ProtocolFee and gasFee missing max amount check which can be used to take fund from user With PROTOCOLFEEBPS 10000 more than 100%, the exchange can steal user WETH who might approve max WETH...
Cross-site Scripting (XSS) - Stored in leantime/leantime
Description Multiple Stored XSS on features 'Milestones', 'Research', 'Retrospective' at Leantime 2.1.8 Proof of Concept // PoC.req POST /leantime/public/tickets/editMilestone/ HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:94.0 Gecko/20100101 Firefox/94.0...
Stored passwords in 'Saved Logins' can be copied without master password entry — Mozilla
When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard through the 'copy password' context menu item without re-entering the master password ...