PT-2026-48166

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

New Relic: Stored XSS at APM apps labels autocomplete dropdown (apps listing)

Hey team, I have discovered the stored XSS vulnerability triggered at APM apps labels autocomplete dropdown. Only admins are able to add labels to apps, so it seemed to me that this XSS impact is "admin to owner" only. But I googled a little and stumbled upon the NEWRELICLABELS environment variab...

Help Desk Customer Service Ticket System 1.0 CSRF

IIIIIIII RRRRRRRRRRRR HHHHHHHH HHHHHHHH IIII RRRR RRRR HHHH HHHH IIII RRRR RRRR HHHH HHHH IIII RRRR RRRR HHHH HHHH IIII RRRR RRRR HHHH HHHH IIII RRRRRRRRRR HHHHHHHHHHHHHHHH IIII RRRR RRRR HHHH HHHH IIII RRRR RRRR HHHH HHHH IIII RRRR RRRR HHHH HHHH IIII RRRR RRRR HHHH HHHH IIIIIIII RRRRRRRR RRRRRR...