
11 matches found

CNNVD
added 2026/05/14 12:0 a.m. | 4 views

Vvveb Cross-Site Scripting Vulnerability

Vvveb is a powerful and easy-to-use CMS developed by Givan’s developers, used for building websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 had a cross-site scripting vulnerability. This vulnerability stemmed from the Signup::addUser controller in the customer registratio...

6.1 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits 0 | References 1
Snyk
added 2026/02/10 6:56 p.m. | 3 views

Open Redirect

Overview: frappe is a Low Code Open Source Framework in Python and JS. Affected versions of this package are vulnerable to Open Redirect in the signup process. An attacker can cause users to be redirected to arbitrary external sites or execute malicious scripts by enticing them to visit a speciall...

6.1 CVSS | 5.9 AI score | 0.0004 EPSS
Exploits 0 | References 2
Vulnrichment
added 2024/05/13 3:30 p.m. | 10 views

CVE-2024-34077 MantisBT user account takeover in the signup/reset password process

MantisBT Mantis Bug Tracker is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account, if the victim has an incomplete request pending. The exploit is only possible whi...

7.3 CVSS | 6.6 AI score | 0.00225 EPSS
Exploits 1 | References 3
Vulnrichment
added 2022/10/28 12:0 a.m. | 4 views

CVE-2022-3735 seccome Ehoney signup access control

A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability...

6.3 CVSS | 9.7 AI score | 0.00346 EPSS
Exploits 0 | References 1
Hacker One
added 2018/07/03 3:5 p.m. | 137 views

Cloudflare: Private API key leakage due to lack of access control

The lack of access control on the https://mobilesdk.cloudflare.com/api/v1/ api allows for a remote attacker to access and steal a logged in user's private data. This can be done due to the lack of origin protection. An attacker can embed the config URI...

0.3 AI score
Exploits 0
Openbugbounty
added 2017/11/15 12:29 p.m. | 14 views

stuart.training XSS vulnerability

Open Bug Bounty ID: OBB-417556

Description| Value
---|---
Affected Website:| stuart.training
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

6.3 AI score
Exploits 0
Hacker One
added 2016/04/02 9:47 a.m. | 21 views

New Relic: Password disclosure during signup process

New Relic provides users the option to register new accounts. It was observed that during the new account creation process, the user's password is displayed in clear text in the response. This leads to disclosure of passwords. There may be another issue here that user's passwords are not stored in hashed...

6.8 AI score
Exploits 0
CNVD
added 2015/08/20 12:0 a.m. | 1 views

Arab Portal SQL Injection Vulnerability

Arab Portal is a set of web portals. A SQL injection vulnerability exists in Arab Portal version 3, which stems from a failure of the members.php script to adequately filter the 'showemail' parameter in the signup operation. A remote attacker could use this vulnerability to execute arbitrary SQL...

7.5 CVSS | 8.4 AI score | 0.01978 EPSS
Exploits 1 | References 1
Hacker One
added 2014/04/18 1:18 a.m. | 14 views

Localize: A Serious Bug on SIGNUP Process!

Hello, I found a bug in your registration/Sign Up process. You should fix this one as soon as possible! With this bug, an attacker will be able to create thousands of IDs on your application. POC ------ It can be done in three ways. 1. By CSRF. Copy your registration form source only form code is...

7.2 AI score
Exploits 0
Hacker One
added 2014/04/17 7:11 p.m. | 23 views

Localize: XSS in Localize.io

During signup I used " as my password. Just after pressing sign up I was forwarded to a new page, where that page was showing my username and asked to click to view my password. When I clicked, the JavaScript executed. Attachment: xss.png...

2 AI score
Exploits 0
Exploit DB
added 2004/08/21 12:0 a.m. | 27 views

Mantis Bug Tracker 0.x - New Account Signup Mass Emailing

source: https://www.securityfocus.com/bid/10995/info Mantis is reportedly susceptible to a vulnerability in its signup process allowing mass email attacks. When a new user signs up to Mantis, the system automatically sends an email message to the given email address. This email contains the users...

7.4 AI score
Exploits 0