8 matches found
Mail.ru: Blind SQL in id_locality GET param on [city-mobil.ru/taxiserv]
SQL injection in city-mobil.ru/taxiserv due to unsafe usage of GET parameter...
Mail.ru: Blind SQL injection on [city-mobil.ru/taxiserv/] in filter{"id_locality"}
SQL injection in city-mobil.ru/taxiserv due to unsafe usage of GET parameter...
Mail.ru: Partner's manager can access statistics of all drivers [city-mobil.ru/taxiserv]
A user with the partner's manager role was able to obtain statistics for drivers of a different partner company...
Mail.ru: Stored XSS on the "Mail" page [city-mobil.ru/taxiserv]
Stored XSS on city-mobil.ru/taxiserv mail page via firstname and lastname of driver...
Mail.ru: Stored XSS on the "Edit Client" page, "History" tab [city-mobil.ru/taxiserv]
Stored XSS on city-mobil.ru/taxiserv driver page via firstname and lastname of driver...
Mail.ru: Stored XSS on the "Edit Driver" page [city-mobil.ru/taxiserv]
Stored XSS on city-mobil.ru/taxiserv driver page via firstname and lastname of driver...
Mail.ru: Stored XSS on the "Edit Client" page [city-mobil.ru/taxiserv]
Stored XSS on city-mobil.ru/taxiserv client page via firstname and lastname of driver...
Mail.ru: IDOR in tracking driver logs at city-mobil.ru
An IDOR vulnerability in the taxiserv interface allowed access to a track log of a different driver...