Lucene search

13 matches found

Cvelist
added 2025/11/11 6:0 a.m., 6 views

CVE-2025-11855 Age Restriction <= 3.0.2 - Subscriber+ Privilege Escalation

The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the agerestrictionRemoteSupportRequest function, allowing any authenticated user, such as a subscriber, to create an admin user with a hardcoded username and arbitrary password...

EPSS 0.00042
Exploits: 0, References: 1
Positive Technologies
added 2025/11/11 12:0 a.m., 6 views

PT-2025-46301

Name of the Vulnerable Software and Affected Versions: age-restriction WordPress plugin versions through 3.0.2. Description: The age-restriction WordPress plugin does not have proper authorisation within the age restrictionRemoteSupportRequest function. This allows authenticated users, even those wi...

CVSS 7.3, AI score 6.5, EPSS 0.00042
Exploits: 0, References: 6
Hacker One
added 2020/09/30 4:55 p.m., 15 views

Mail.ru: [delivery.city-mobil.ru] Stored XSS into support request comment

Stored XSS in support request comment functionality on delivery.city-mobil.ru. Citymobil corporate user could use delivery.city-mobil.ru API for submitting data. It led to bypass input-encoding filters of corporate.city-mobil.ru and stored XSS appeared at corporate.city-mobil.ru...

AI score 2.5
Exploits: 0
Hacker One
added 2020/05/03 5:56 p.m., 40 views

U.S. Dept Of Defense: Arbitrary file upload and stored XSS via ███ support request

Summary: A malicious user can upload files of any type when submitting a support request. Impact: This would allow the attacker to upload malicious executable files as well as .html or .svg files which would allow the attacker to execute malicious code on behalf of the ████ customer support...

AI score 1
Exploits: 0
Hacker One
added 2018/08/05 10:40 a.m., 16 views

Revive Adserver: Open redirect in switch account functionality

To reproduce this vulnerability: 1. You have to be logged in user 2. Enter address: http:///www/admin/account-switch.php?returnurl=http://127.0.0.1:12345/test This is due to unrestricted redirection url passed in in the returnurl parameter. I would recommend to use some kind of whitelisting or a...

CVSS 5.8, AI score 0.6, EPSS 0.00161
Exploits: 1
Hacker One
added 2018/03/17 5:30 p.m., 10 views

Mail.ru: Stored Blind XSS

Blind XSS via support.my.com request ticket. kayako.support.my.com is not covered with bug bounty, the bounty was awarded because lootdog.io users were potentially affected...

AI score 4.2
Exploits: 0
Hacker One
added 2017/03/02 8:17 p.m., 14 views

HackerOne: Transitioning a Private Program to Public Does Not Clear Previously Private Updates to Hackers

Summary: Transitioning a private program to public does not clear the previously private updates to hackers Description Include Impact: If you are managing a private bug bounty program and choose to message hackers in the program with a targeted bounty campaign or other limited / private messagin...

AI score 6.7
Exploits: 0
Fedora
added 2015/06/10 7:17 p.m., 15 views

[SECURITY] Fedora 22 Update: fusionforge-5.3.2-4.fc22

FusionForge provides many tools to aid collaboration in a development project, such as bug-tracking, task management, mailing-lists, SCM repository, forums, support request helper, web/FTP hosting, release management, etc. All these services are integrated into one web site and managed through a...

CVSS 10, AI score 1.3, EPSS 0.0668
Exploits: 0
Atlassian
added 2014/07/29 9:27 p.m., 16 views

Password for LDAP Connection Displayed in the "directoryConfigurationSummary.txt" file

In the Support.zip (https://confluence.atlassian.com/display/DOC/Troubleshooting+Problems+and+Requesting+Technical+SupportTroubleshootingProblemsandRequestingTechnicalSupport-Method1:UsingtheSupportRequestFormviatheConfluenceAdministrationConsole) there is a file named...

AI score 1.7
Exploits: 0, Affected Software: 1
Atlassian
added 2010/05/11 11:35 p.m., 18 views

500page.jsp Improvements

NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion (http://jira.atlassian.com/browse/CONFSERVER-19601). Some further improvements to the 500page.jsp: The following should not appear if there is no stack trace: ...

AI score 1.1
Exploits: 0, Affected Software: 1
Atlassian
added 2007/04/13 1:58 a.m., 17 views

Authentication via os_username and os_password URL params is broken

Logging in by specifying username/password in the URL like this: http://jira.atlassian.com/browse/XYZ-114?decorator=none&view=rss&os_username=LOGIN&os_password=PASSWORD used to work. Tested with JIRA 3.6.3. Now you get presented with an undecorated "not logged in" message. This issue...

AI score 0.3
Exploits: 0
Atlassian
added 2007/04/13 1:58 a.m., 16 views

Authentication via os_username and os_password URL params is broken

Logging in by specifying username/password in the URL like this: http://jira.atlassian.com/browse/XYZ-114?decorator=none&view=rss&os_username=LOGIN&os_password=PASSWORD used to work. Tested with JIRA 3.6.3. Now you get presented with an undecorated "not logged in" message. This issue...

AI score 0.3
Exploits: 0, Affected Software: 1
Atlassian
added 2007/03/15 10:22 p.m., 16 views

Data anonymiser does not blank out SMTP server username and password

SMTP server username and password are readable in database/xml export: This can be a possible security leak, e.g. when you send a support request where you send a database export to support. Anonymizer does not remove these values. ---- Username and password should be in encoded format in database...

AI score 0.8
Exploits: 0, Affected Software: 1