2 matches found
Visma Bug Bounty Program: Administration page visible without authentication
A backend system administration interface could be accessed without authorization, but it did not display any data unless the user was correctly logged in...
Visma Bug Bounty Program: A non-administrator user can change his email even when it is restricted by an administrator
A non-administrator user can change his email, even when it is restricted by an administrator, by tampering with the response data. Steps to Reproduce: Log in as a normal user and go to the "My details" tab in Profile. Click on the Edit icon in the Account section. If this functionality is locked by your...