
4 matches found

Huntr
• added 2021/08/17 5:54 p.m. • 12 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description: Stored XSS bug using an XSS payload in the Ideas area when adding a comment in the discussion area. 🕵️‍♂️ Proof of Concept: Go to http://localhost/ideas/showBoards and click on add an idea and copy paste the following XSS payload in the discussion field javascript " Click on safe and see...

AI score: 0.2
Exploits: 0
Hacker One
• added 2021/04/15 10:42 p.m. • 25 views

UPchieve: Hyper Link Injection while signup

Summary: Attacker can add their name to a URL in order to send email containing malicious hyperlinks. while signup Steps To Reproduce: 1-Go to https://app.upchieve.org and create account with the first name http://attacker.com/ and last name . 2-Now check your email and you notice there is...

AI score: 6.6
Exploits: 0
CNVD
• added 2020/12/15 12:0 a.m. • 8 views

Adobe Experience Manager Blind Server-Side Request Forgery Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS: 5.8, AI score: 6.3, EPSS: 0.00593
Exploits: 0, References: 1
Github Security Blog
• added 2019/03/25 4:17 p.m. • 14 views

Command Injection in kill-port

Versions of kill-port prior to 1.3.2 are vulnerable to Command Injection. The package does not validate user input on the kill function. This may allow attackers to run arbitrary commands in the system if user input such as the port number is passed directly to the function. Recommendation Upgrad...

CVSS: 9.3, AI score: 5.7, EPSS: 0.00514
Exploits: 1, References: 4, Affected Software: 1