36 matches found
Visma Public: Able to continue user creation process after deleting the HTML element that shows the message that the session is closed
Summary: Able to continue user creation process and successfully submit the user creation form after deleting the HTML element that shows the message that the session is closed after signing out in different tab from same browser. Steps To Reproduce: 1. Login to...
Visma Public: [IDOR]Ability to edit Description of api_key's of other users.
The reasearcher was able to change the description associated with API-keys for other users on the /api/orgID/apiKey endpoint by modifying the id of the API-key in the request...
Visma Public: HTML-injection in PDF-export leads to LFI
The researcher was able to extract contents of files using the pdf-generator in "Yearly Financial Statements". This was done by adding an IFRAME-tag inside the companyname. Once rendered in Yearly Financial Statements, it included the file the IFRAME was pointing to. In this POC it was /etc/passw...
Visma Bug Bounty Program: Administration page visible without authentication
A backend system administration interface could be accessed without authorization, but it did not display any data unless the user was correctly logged in...
Visma Bug Bounty Program: [IDOR]Ability to View/Delete/Edit (Forward to attachment archive) Email of other user if GUID is known.
Insecure Direct Object Reference IDOR vulnerability is discovered via a certain endpoint and the application exposes a reference to an internal implementation object which allows the attacker to perform unauthorized actions...
Visma Public: Unrestricted file upload leads to Stored XSS
An attacker is able to bypass the restrictions which limit user uploads to .PDF only. Attacker can upload malicious content to the web server and an included JavaScript code to gain Stored XSS...
Visma Public: Arbitrary File Upload to Stored XSS
An attacker is able to bypass the restrictions which limit user uploads to .PDF only. Utilizing this exploit by changing the content Beacon.html%00.pdf an attacker can upload malicious content to the web server and an included JavaScript code to gain Stored XSS...
Visma Public: Session replay vulnerability in app.workbox.dk domain
The researcher found that sessions don't expire when users logs out of their account. This means that if the session cookie and it's value is known, an attacker can impersonate the owner of the account...
Visma Bug Bounty Program: Stored XSS when uploading files to an invoice
I've found a stored XSS from the fileupload. The parameter fileID is vulnerable and will be stored to the page. Steps To Reproduce Login Navigate to one of your invoices Upload some file and intercept the traffic Once you see the JSON payload like this "id":"abcabccabcabc","name":"file-name" modi...
Visma Bug Bounty Program: A non-administrator user can change his email even when it is restricted by an administrator
A non-administrator user can change his email, even when it is restricted by an administrator, by tampering with the response data. Steps to Reproduce Login as a normal user and goto "My details" tab in Profile. Click on Edit icon in Account section. If this functionality is locked by your...
Visma Bug Bounty Program: A 'Read only' user can modify the company logotype and invoice background image
A 'Read only' user can modify the company logotype and invoice background image in his own company, which should not be allowed for this permission level...
Visma Bug Bounty Program: Stored XSS in 'Notes'
A logged-in user can inject JavaScript code into a specifically crafted Note on a document, such as a Invoice, which will be executed when another user, logged in to the same company, edits the Note...
Visma Bug Bounty Program: A user can view the name and number of a customer in another company if the GUID is known
An IDOR vulnerability exists in /api/internal/customerlabels/, allowing an attacker to add a label to a customer in a another company if he has previous knowledge about the UUID. The result is that the name and number of the customer is shown in the attackers context. As all objects in the API ar...
incident.consulting.visma.com XSS vulnerability
Open Bug Bounty ID: OBB-664789 Description| Value ---|--- Affected Website:| incident.consulting.visma.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
blog.visma.com XSS vulnerability
Open Bug Bounty ID: OBB-554368 Description| Value ---|--- Affected Website:| blog.visma.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
visma.com XSS vulnerability
Vulnerable URL:...