3 matches found
subcontractorssouthwestflorida.com Cross Site Scripting vulnerability OBB-3541265
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious callers can replay change orders
Lines of code. Vulnerability details: Unlike some of the other signature-based operations in the Rigor system, change order signatures do not include a nonce and are vulnerable to replay attacks. A number of exploits are possible using replayed change orders, including subcontractors extracting...
cherryhillconstruction.com XSS vulnerability
Vulnerable URL: http://cherryhillconstruction.com/subcontractors/info.asp?contractorid=107downloads=1116src=Prequalification%20for%20US%20301%20Contracts.pdftitle=1/-///'/"//--...