42 matches found
EUVD-2018-5485
Malware in sbrugna...
EUVD-2018-5159
Malware in sbrugna...
EUVD-2022-25101
Malicious code in bioql PyPI...
providence-place.com Improper Access Control vulnerability OBB-3808567
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
providenceyarn.com Improper Access Control vulnerability OBB-3808568
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Command execution vulnerability in Qixingchen Tianyue Network Security Audit System (CNVD-2023-71706)
Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of users' operations on core IT assets and servers in the network under business environment. A command execution vulnerability exists in Tianyue Network Security Audit System, which can be...
downtownprovidence.com Cross Site Scripting vulnerability OBB-3278295
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
providence-theater.com Cross Site Scripting vulnerability OBB-2824769
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-1825
Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8...
Cross site scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8...
CVE-2022-1825 Cross-site Scripting (XSS) - Reflected in collectiveaccess/providence
Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8...
CVE-2022-1825
CVE-2022-1825: Reflected XSS in Providence (CollectiveAccess) before version 1.8. Exploitation occurs via reflected user input; impact is limited to confidentiality/integrity with MEDIUM severity (CVSS 3.1: 5.4). No explicit exploit details provided in the supplied documents. Affected product is ...
Providence Cross-Site Scripting Vulnerability
Providence is the "back-end" component of CollectiveAccess, a set of web-based applications from the CollectiveAccess community in the United States. A security vulnerability exists in Providence versions prior to 1.8, which stems from a cross-site scripting vulnerability...
providenceflowers.com Cross Site Scripting vulnerability OBB-2491487
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Open Redirect in collectiveaccess/providence
Description I found a new way to bypass the Open Redirect with the "redirect" parameter on the login page. Vulnerable parameter redirect Payload https://demo.collectiveaccess.org.example.com Proof of Concept Send users the following login link...
Static Code Injection in collectiveaccess/pawtucket2
Description This is with reference to another SSRF report I made https://huntr.dev/bounties/43505ece-7d5e-44b8-a7a3-69bd42d0ad02/ in which the fix was to filter external src from images. Pawtucket2 makes use of the same code as Providence to filter HTML, however it does not include the new fix...
in collectiveaccess/providence
Description: Sensitive data can be exposed even after logging out of the application due to a wrong UI action. Proof of Concept: 1. Log in to the application dashboard https://demo.collectiveaccess.org 2. Go to any page: dashboard, administrations, etc. 3. Click logout. 4. Click the browser back button. Impact: Any other...
Cross-site Scripting (XSS) - Stored in collectiveaccess/providence
Description: Stored XSS via event name. Proof of Concept: Please check this 1-minute video to reproduce the bug: https://drive.google.com/file/d/1iMDosuZYYmFyJEVxXo7KB09TghKPs-7/view?usp=sharing Here I use the below XSS payload: xss2"'onmouseover=prompt;// Impact: Stored XSS...