2 matches found
Zomato: [api.zomato.com] Abusing LocalParams (city_id) to Inject SOLR query
Disclosing it as per the request from @zzzhacker13. This report is identical to 844428 but this one was on a different endpoint. POC - - :v2/red/homepage.json?lat=&lon=&cityid=!dismax+df=cityid86&androidcountry=US&lang=en&androidlanguage=en Zomato Security Team...
ECE Projects 'tx_solr[q]' Parameter Cross-Site Scripting Vulnerability
ECE Projects is a project management application. ECE Projects contains a cross-site scripting vulnerability in the 'tx_solr[q]' parameter that allows remote attackers to inject malicious script or HTML code, which can be used to gain access to sensitive information or...