Withdrawn Advisory: Libredesk has a SSRF Vulnerability in Webhooks
Reconsidered - Working as designed. Update 2026-05-28 Libredesk is a single-tenant, self-hosted application. Configuring outbound webhook URLs requires an admin-only permission that is not granted by default - the operator must explicitly assign it. Anyone holding this permission already has full...
LocalTapiola: Blind Stored XSS Against Lahitapiola Employees - Session and Information leakage
Hi, I am pretty sure that I found a vulnerability similar to https://hackerone.com/reports/135154. An adversary can use the "Lähetä viesti"-functionality of the LähiTapiola Asiakassalkku to send a malicious file. When the customer service opens the file, an XSS will execute and will leak user IP...
FengCMS CSRF vulnerability can lead to a database dump
Brief description: An important feature performs no CSRF token validation, allowing the database to be dumped. Detailed description: The database backup feature in the admin backend does not validate a CSRF token. The attacker creates a csrf.php with the following content and places it under attacker.com: Then the URL http://attacker.com/csrf.php is sent to the victim (the site administrator). If the administrator is logged in when opening that URL, a request to back up the database is sent to the target server with the administrator's identity: ?controller=dbmanage&operate=save&type=0...