Lucene search
K

36 matches found

Hacker One
Hacker One
added 2020/03/04 9:16 a.m.35 views

Visma Public: Able to continue user creation process after deleting the HTML element that shows the message that the session is closed

Summary: Able to continue user creation process and successfully submit the user creation form after deleting the HTML element that shows the message that the session is closed after signing out in different tab from same browser. Steps To Reproduce: 1. Login to...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2020/03/03 9:3 p.m.107 views

Visma Public: [IDOR]Ability to edit Description of api_key's of other users.

The reasearcher was able to change the description associated with API-keys for other users on the /api/orgID/apiKey endpoint by modifying the id of the API-key in the request...

2.9AI score
Exploits0
Hacker One
Hacker One
added 2020/03/03 6:28 p.m.287 views

Visma Public: HTML-injection in PDF-export leads to LFI

The researcher was able to extract contents of files using the pdf-generator in "Yearly Financial Statements". This was done by adding an IFRAME-tag inside the companyname. Once rendered in Yearly Financial Statements, it included the file the IFRAME was pointing to. In this POC it was /etc/passw...

2.8AI score
Exploits0
Hacker One
Hacker One
added 2020/03/03 9:17 a.m.95 views

Visma Bug Bounty Program: Administration page visible without authentication

A backend system administration interface could be accessed without authorization, but it did not display any data unless the user was correctly logged in...

3.7AI score
Exploits0
Hacker One
Hacker One
added 2020/03/02 11:38 p.m.171 views

Visma Bug Bounty Program: [IDOR]Ability to View/Delete/Edit (Forward to attachment archive) Email of other user if GUID is known.

Insecure Direct Object Reference IDOR vulnerability is discovered via a certain endpoint and the application exposes a reference to an internal implementation object which allows the attacker to perform unauthorized actions...

3.4AI score
Exploits0
Hacker One
Hacker One
added 2020/03/02 5:45 p.m.17 views

Visma Public: Unrestricted file upload leads to Stored XSS

An attacker is able to bypass the restrictions which limit user uploads to .PDF only. Attacker can upload malicious content to the web server and an included JavaScript code to gain Stored XSS...

1.6AI score
Exploits0
Hacker One
Hacker One
added 2020/03/02 4:29 p.m.20 views

Visma Public: Arbitrary File Upload to Stored XSS

An attacker is able to bypass the restrictions which limit user uploads to .PDF only. Utilizing this exploit by changing the content Beacon.html%00.pdf an attacker can upload malicious content to the web server and an included JavaScript code to gain Stored XSS...

1.8AI score
Exploits0
Hacker One
Hacker One
added 2020/03/02 2:0 p.m.34 views

Visma Public: Session replay vulnerability in app.workbox.dk domain

The researcher found that sessions don't expire when users logs out of their account. This means that if the session cookie and it's value is known, an attacker can impersonate the owner of the account...

4.9AI score
Exploits0
Hacker One
Hacker One
added 2020/03/02 12:18 p.m.185 views

Visma Bug Bounty Program: Stored XSS when uploading files to an invoice

I've found a stored XSS from the fileupload. The parameter fileID is vulnerable and will be stored to the page. Steps To Reproduce Login Navigate to one of your invoices Upload some file and intercept the traffic Once you see the JSON payload like this "id":"abcabccabcabc","name":"file-name" modi...

1.1AI score
Exploits0
Hacker One
Hacker One
added 2020/02/27 5:40 a.m.86 views

Visma Bug Bounty Program: A non-administrator user can change his email even when it is restricted by an administrator

A non-administrator user can change his email, even when it is restricted by an administrator, by tampering with the response data. Steps to Reproduce Login as a normal user and goto "My details" tab in Profile. Click on Edit icon in Account section. If this functionality is locked by your...

1.5AI score
Exploits0
Hacker One
Hacker One
added 2020/02/07 3:28 p.m.150 views

Visma Bug Bounty Program: A 'Read only' user can modify the company logotype and invoice background image

A 'Read only' user can modify the company logotype and invoice background image in his own company, which should not be allowed for this permission level...

4.2AI score
Exploits0
Hacker One
Hacker One
added 2020/02/04 10:31 a.m.64 views

Visma Bug Bounty Program: Stored XSS in 'Notes'

A logged-in user can inject JavaScript code into a specifically crafted Note on a document, such as a Invoice, which will be executed when another user, logged in to the same company, edits the Note...

1.9AI score
Exploits0
Hacker One
Hacker One
added 2020/02/03 5:32 p.m.86 views

Visma Bug Bounty Program: A user can view the name and number of a customer in another company if the GUID is known

An IDOR vulnerability exists in /api/internal/customerlabels/, allowing an attacker to add a label to a customer in a another company if he has previous knowledge about the UUID. The result is that the name and number of the customer is shown in the attackers context. As all objects in the API ar...

1.8AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/08/15 4:7 p.m.40 views

incident.consulting.visma.com XSS vulnerability

Open Bug Bounty ID: OBB-664789 Description| Value ---|--- Affected Website:| incident.consulting.visma.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Openbugbounty
Openbugbounty
added 2018/02/07 8:51 a.m.10 views

blog.visma.com XSS vulnerability

Open Bug Bounty ID: OBB-554368 Description| Value ---|--- Affected Website:| blog.visma.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2016/04/21 10:35 a.m.16 views

visma.com XSS vulnerability

Vulnerable URL:...

6.3AI score
Exploits0
Rows per page
Query Builder