CVE-2024-55452

A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-controlled webpage. When an authenticated...

Rockstar Games: Referer Leakge in language changer may lead to FB token theft.

In this report, the researcher identified a CSRF vulnerability in the language changing function on https://www.rockstargames.com/GTAOnline/ that could be combined with other vulnerabilities to result in sensitive token theft such as Oauth tokens. This vulnerability would be triggered when changi...

Rockstar Games: Image Injection Vulnerability on /bully/screens

In this report, the researcher identified an image injection vulnerability in www.rockstargames.com/bully/screens that could be combined with other vulnerabilities to result in sensitive token theft from other users. This vulnerability has since been patched to prevent it from being exploitable...

Rockstar Games: Image injection on /screenshot-viewer/responsive/image ( FIX BYPASS)

In this report, the researcher identified an image injection issue in the screenshot-viewer utility on our website that could be combined with other vulnerabilities to result in sensitive token theft. We were able to quickly push out an update to resolve the image injection issue, thereby...