PT-2026-6855

Gophish = 0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

DCP-Portal 3.7/4.x/5.x Multiple HTML Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/11339/info DCP-Portal is reported prone to multiple HTML injection vulnerabilities. It is reported that DCP-Portal does not sufficiently filter data submitted via input fields in several scripts. These vulnerabilities may...