4057 matches found
Cross-site Scripting (XSS) - Reflected in vfleaking/uoj
✍️ Description Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Cross-site Scripting (XSS) - Reflected in podcastgenerator/podcastgenerator
✍️ Description Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Cross-site Scripting (XSS) - Reflected in tildeclub/site
✍️ Description Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Cross-site Scripting (XSS) - Reflected in hestiacp/hestiacp
✍️ Description Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Improper Access Control in agentejo/cockpit
✍️ Description A local file inclusion vulnerability allows attackers to bypass the need for API keys when querying private custom API endpoints. 🕵️‍♂️ Proof of Concept 1. On the server, create a custom API endpoint in /var/www/html/config/api/custom.php as follows: param('test'); if (!$test) return...
in bfabiszewski/libmobi
✍️ Description Overview This vulnerability is a write of user-controlled values outside the bounds of a buffer. The buffer is of type MOBIBuffer, which is allocated using malloc. It is possible for an attacker to ultimately achieve RCE (Remote Code Execution) using this out-of-bounds write vulnerability to...
in weseek/growi
✍️ Description The following endpoint doesn't check the authorization of users, and any user can delete other users' comments: /api/comments.remove. The body of the request looks like this: "commentid" : "61393bb36970d0000c62b3cf", "csrf" : ... Any user receives all commentids and can easily replace other users'...
in weseek/growi
✍️ Description You should check and validate the password when users register; any user is able to use a weak password like aaaaaa. You also don't have any rate limit for incorrect passwords, which makes it easy to perform brute-force attacks against your users that have weak passwords. 💥 Impact This...
Open Redirect in wwbn/avideo
✍️ Description There is an open redirect vulnerability in the following URL: https://demo.avideo.com/signUp?redirectUri=https://google.com/ 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Open the above URL 2. Sign up in the application 3. You are redirected to google.com 💥 Impact That causes a redirection...
Cross-site Scripting (XSS) - Reflected in th3-822/rapidleech
✍️ Description Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Prototype Pollution in viking04/merge
✍️ Description The npm package @viking04/merge is vulnerable to Prototype Pollution. More details on the vulnerability: https://medium.com/node-modules/what-is-prototype-pollution-and-why-is-it-such-a-big-deal-2dd8d89a93c 🕵️‍♂️ Proof of Concept LIVE POC LINK var merge = require("@viking04/merge"); var...
Cross-site Scripting (XSS) - Stored in chocobozzz/peertube
✍️ Description We can upload an SVG image and then send its URL to other users; when they open the link we can get their complete session keys, as the session keys are stored in local storage and can easily be stolen by attackers with JavaScript. 🕵️‍♂️ Proof of Concept 1. Go to...
Cross-Site Request Forgery (CSRF) in amirsanni/mini-inventory-and-sales-management-system
✍️ Description An attacker is able to delete administrator accounts if a logged-in user visits the attacker's website. 🕵️‍♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser (Firefox and Safari) 2. You can check that you unintentionally deleted an administrator account. // POC.html...
Heap-based Buffer Overflow in vim/vim
✍️ Description While testing vim built from commit ddfc051 with Ubuntu clang version 12.0.0-3ubuntu1~20.04.3 and Address Sanitizer, we discovered crafted input which triggers a heap-buffer-overflow, READ of size 1. 🕵️‍♂️ Proof of Concept 1. git clone https://github.com/vim/vim LD=lld AS=llvm-as...
Cross-site Scripting (XSS) - Reflected in andrewpaglusch/flashpaper
✍️ Description Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Cross-site Scripting (XSS) - Reflected in th3-822/rapidleech
✍️ Description Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Cross-site Scripting (XSS) - Reflected in engintron/engintron
✍️ Description Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Cross-site Scripting (XSS) - Reflected in kasuganosoras/pigeon
✍️ Description Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Cross-site Scripting (XSS) - Reflected in phoronix-test-suite/phoronix-test-suite
✍️ Description Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Cross-site Scripting (XSS) - Reflected in mailcow/mailcow-dockerized
✍️ Description Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Cross-site Scripting (XSS) - Reflected in cujanovic/ssrf-testing
✍️ Description Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Improper Privilege Management in chatwoot/chatwoot
✍️ Description A user without collaborator access to an Inbox is able to reveal the messages from it by guessing the ID of the Inbox. 🕵️‍♂️ Proof of Concept 1. With an Administrator user, create an Inbox of email type 2. Only add the Administrator itself to the list of collaborators in the Inbox...
Cross-site Scripting (XSS) - Reflected in btcpayserver/btcpayserver
✍️ Description The XSS payload is triggered during editing and saving of text included near the payment button. 🕵️‍♂️ Proof of Concept In the app settings, try editing an already included product. Drop the payload in the Buy Button Text and save it; the payload will then be triggered. 💥 Impact Execution of...
Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver
✍️ Description Stored XSS bug via link in store 🕵️‍♂️ Proof of Concept 1. Go to https://mainnet.demo.btcpayserver.org/stores and create a store. 2. Now open that store using the URL https://mainnet.demo.btcpayserver.org/stores/BuBNcrh8vpu4sMcTikqXoP5pXU49hvoFDyqAoA46Tns2 and change the website link to...
Cross-Site Request Forgery (CSRF) in star7th/showdoc
✍️ Description With this CSRF vulnerability, an attacker is able to delete any member of any item if users visit the attacker's website. We can bypass the CSRF protection if we put our payload in an iframe or an HTML file and send it to the victim, as after that the Origin header will be set to null and we can bypass...
Cross-Site Request Forgery (CSRF) in star7th/showdoc
✍️ Description With this CSRF vulnerability, an attacker is able to add any member to any item if users visit the attacker's website. We can bypass the CSRF protection if we put our payload in an iframe or an HTML file and send it to the victim, as after that the Origin header will be set to null and we can bypass...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
✍️ Description An attacker is able to delete any number of Warehouse Products with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and that another low-privilege user or attacker knows the IP address or hostname of your...
Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver
✍️ Description Accept Bitcoin payments. Free, open-source & self-hosted Bitcoin payment processor. This package is vulnerable to XSS. 🕵️‍♂️ Proof of Concept 💥 Impact This vulnerability is capable of XSS...
Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver
✍️ Description Accept Bitcoin payments. Free, open-source & self-hosted Bitcoin payment processor. This package is vulnerable to XSS. 🕵️‍♂️ Proof of Concept 💥 Impact This vulnerability is capable of stored XSS...
Cross-Site Request Forgery (CSRF) in forkcms/forkcms
✍️ Description An attacker is able to log out a user if a logged-in user visits the attacker's website. 🕵️‍♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser 2. You can check that you were unintentionally logged out. // POC.html history.pushState('', '', '/'); document.forms[0].submit(); 💥 Impact This...
None in fisharebest/webtrees
✍️ Description Sensitive data, including username and email address, is passed as query strings through a GET request during registration. When the given email or username exists in the database at the time of user registration, the application passes the given username and email address through GET...
in fisharebest/webtrees
✍️ Description The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. The Forgot Password feature can be exploited to conduct user enumeration. If the given email exists in the...
Prototype Pollution in clientio/joint
✍️ Description The jointjs package is vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the path components used in the path parameter are arrays. In particular, the condition key === "__proto__" returns false if key is ["__proto__"]. This is because...
Path Traversal in alanaktion/mchostpanel
✍️ Description A Path Traversal vulnerability was identified in the Minecraft server control panel which allows an attacker to access arbitrary user resources. 🕵️‍♂️ Proof of Concept POST /ajax.php HTTP/1.1 Host: localhost:8080 User-Agent: curl/7.47.0 Accept: */* Content-Length: 45 Content-Type:...
Session Fixation in agentejo/cockpit
✍️ Description A malicious actor with access to the computer is able to reveal the loaded site's actual session identifier value from the stored cookie. Since this value does not change upon login, the attacker can gain access via session hijacking when the target logs in on the compromised...
Path Traversal in lampnick/doctron
✍️ Description doctron is a golang tool that helps with conversion of HTML to PDF or image. The input is not validated to be a valid web URL; trying to access local files using file:/// works. This allows getting a screenshot/PDF of sensitive files on the system. 🕵️‍♂️ Proof of Concept A demo...
Inefficient Regular Expression Complexity in daaku/nodejs-tmpl
✍️ Description It allows causing a denial of service when formatting a crafted string. 🕵️‍♂️ Proof of Concept // PoC.js var tmpl = require("tmpl"); for (var i = 1; i <= 50000; i++) { var time = Date.now(); var attackstr = "" + "".repeat(i*10000) + "answer"; tmpl(attackstr, {answer: 42}); var timecost = Date.now() - time;...
Open Redirect in digitalbazaar/forge
✍️ Description The parseUrl functionality in node-forge mishandles certain uses of backslash such as https:///\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol and treat them as a normal slash, while node-forge sees it as a relative path, leading to URL...
Improper Authorization in imran300/inventory
✍️ Description A General Manager user can edit/add other groups' PERMISSIONS LIST with IDOR. 🕵️‍♂️ Proof of Concept Go to this URL when logged in as a General Manager: http://localhost:8000/inventory/index.php/generals/addgroup and then you can see that permissions can be bypassed. 💥 Impact This...
Improper Authorization in imran300/inventory
✍️ Description A Designer user can deactivate any other user (IDOR). 🕵️‍♂️ Proof of Concept Go to this URL when logged in as a Designer: http://localhost:8000/inventory/index.php/Users/deactiveStatus/10 and then you can see that the user with id 10 will be deactivated. 💥 Impact This vulnerability is...
Improper Authorization in imran300/inventory
✍️ Description A Designer user can activate any other user (IDOR). 🕵️‍♂️ Proof of Concept Go to this URL when logged in as a Designer: localhost:8000/inventory/index.php/Users/activeStatus/10 and then you can see that the user with id 10 will be activated. 💥 Impact This vulnerability is capable of...
Improper Authorization in imran300/inventory
✍️ Description A Designer user can delete any other user (IDOR). 🕵️‍♂️ Proof of Concept Go to this URL when logged in as a Designer: localhost/inventory/users/deleteusers/10 and then you can see that the user with id 10 will be deleted. 💥 Impact This vulnerability is capable of deleting any user...
Cross-Site Request Forgery (CSRF) in imran300/inventory
✍️ Description You didn't set any CSRF protection for deleting a user. 🕵️‍♂️ Proof of Concept // PoC.html history.pushState('', '', '/'); document.forms[0].submit(); After the admin opens the PoC.html file, the user with id 7 will be deleted. 💥 Impact This vulnerability is capable of deleting any user with...
Cross-Site Request Forgery (CSRF) in imran300/inventory
✍️ Description You didn't set any CSRF protection for deactivating a user. 🕵️‍♂️ Proof of Concept // PoC.html history.pushState('', '', '/'); document.forms[0].submit(); After the admin opens the PoC.html file, the user with id 7 will be deactivated. 💥 Impact This vulnerability is capable of deactivating any...
Cross-Site Request Forgery (CSRF) in imran300/inventory
✍️ Description You didn't set any CSRF protection for activating a user. 🕵️‍♂️ Proof of Concept // PoC.html history.pushState('', '', '/'); document.forms[0].submit(); After the admin opens the PoC.html file, the user with id 7 will be activated. 💥 Impact This vulnerability is capable of activating any user...
Heap-based Buffer Overflow in vim/vim
✍️ Description Hello, we hope this message finds you well during these challenging times. Whilst testing vim built from commit deba5e with Ubuntu clang version 12.0.0-3ubuntu1~20.04.3 and Address Sanitizer, we discovered crafted input which triggers a heap-buffer-overflow, WRITE of size 15. Please...
Inefficient Regular Expression Complexity in nervjs/taro
✍️ Description A ReDoS (regular expression denial of service) flaw was found in the @tarojs/helper package. An attacker that is able to provide crafted input as url may cause an application to consume an excessive amount of CPU. 🕵️‍♂️ Proof of Concept Create the following poc.mjs // PoC.mjs import...
Cross-site Scripting (XSS) - Stored in leantime/leantime
✍️ Description A malicious actor is able to add a new Client with a malicious payload, and upon opening the research menu, the XSS payload is executed. 🕵️‍♂️ Proof of Concept 1. Log in with a properly roled user 2. Add a new client to the system at the upper right corner at the /clients/showAll/ URI...
Cross-site Scripting (XSS) - Stored in leantime/leantime
✍️ Description A malicious actor is able to add a new Milestone with a malicious payload, and upon opening the research menu, the XSS payload is executed. 🕵️‍♂️ Proof of Concept 1. Log in with a properly roled user 2. Add a new Milestone to the system at the /tickets/roadmap URI with the +...
in leantime/leantime
✍️ Description In the source code of the application, the secret hash value and the initialization vector are hardcoded. 🕵️‍♂️ Proof of Concept In the following code snippet, we can see the hard-coded secret hash and IV: private $encryptionMethod = 'AES-256-CBC'; private $secrethash =...