4057 matches found

Huntr
added 2021/08/24 1:52 p.m. | 8 views

Cross-Site Request Forgery (CSRF) in myvesta/vesta

✍️ Description In this application there is weak CSRF protection on backup functionality. therefore according to below POC.html when a logged in user visits attacker website then an unintentional backup request sends to application. 🕵️‍♂️ Proof of Concept //PoC.html history.pushState'', '', '/'...

AI score: 1.3
Exploits: 0 | References: 1
Huntr
added 2021/08/24 1:46 p.m. | 9 views

Cross-Site Request Forgery (CSRF) in myvesta/vesta

✍️ Description Attacker is able to logout user if a logged in user visits attacker website. 🕵️‍♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally you logged out history.pushState'', '', '/' document.forms0.submit; 💥 Impact This vulnerability is...

AI score: 1.6
Exploits: 0 | References: 1
Huntr
added 2021/08/24 2:33 a.m. | 11 views

in livehelperchat/livehelperchat

✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️‍♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...

AI score: 1.3
Exploits: 0 | References: 1
Huntr
added 2021/08/23 7:25 p.m. | 13 views

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

✍️ Description Attacker able to delete any number of Accounting Subaccounts with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...

AI score: 1.7
Exploits: 0
Huntr
added 2021/08/23 7:22 p.m. | 10 views

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

✍️ Description Attacker able to change any role with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...

AI score: 1.7
Exploits: 0
Huntr
added 2021/08/23 7:17 p.m. | 9 views

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

✍️ Description Attacker able to delete any number of Agents with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSR...

AI score: 1.6
Exploits: 0
Huntr
added 2021/08/23 7:12 p.m. | 8 views

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

✍️ Description Attacker able to delete any number of Purchases invoices with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...

AI score: 1.4
Exploits: 0
Huntr
added 2021/08/23 7:7 p.m. | 5 views

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

✍️ Description Attacker able to delete any number of Accounting Reports with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...

AI score: 1.5
Exploits: 0
Huntr
added 2021/08/23 7:1 p.m. | 14 views

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

✍️ Description Attacker able to delete any number of customers with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In...

AI score: 1.5
Exploits: 0
Huntr
added 2021/08/23 6:55 p.m. | 11 views

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

✍️ Description Attacker able to delete any number of users with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

AI score: 1.5
Exploits: 0
Huntr
added 2021/08/23 5:10 p.m. | 23 views

in yourls/yourls

✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️‍♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...

CVSS: 6.8 | AI score: 1.3 | EPSS: 0.00151
Exploits: 1 | References: 1
Huntr
added 2021/08/23 3:56 p.m. | 16 views

in getgrav/grav-plugin-admin

✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️‍♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...

CVSS: 5.8 | AI score: 1.3 | EPSS: 0.00161
Exploits: 1 | References: 1
Huntr
added 2021/08/23 11:38 a.m. | 7 views

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...

AI score: 5.2
Exploits: 0 | References: 2
Huntr
added 2021/08/23 11:36 a.m. | 3 views

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...

AI score: 5.2
Exploits: 0 | References: 2
Huntr
added 2021/08/23 11:35 a.m. | 13 views

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...

AI score: 5.2
Exploits: 0 | References: 2
Huntr
added 2021/08/23 11:33 a.m. | 8 views

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...

AI score: 5.2
Exploits: 0 | References: 2
Huntr
added 2021/08/23 11:31 a.m. | 12 views

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...

AI score: 5.4
Exploits: 0 | References: 2
Huntr
added 2021/08/23 11:29 a.m. | 19 views

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...

AI score: 5.2
Exploits: 0 | References: 2
Huntr
added 2021/08/23 11:27 a.m. | 8 views

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...

AI score: 5.2
Exploits: 0 | References: 2
Huntr
added 2021/08/23 11:15 a.m. | 24 views

Cross-site Scripting (XSS) - Stored in namelessmc/nameless

✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...

AI score: 5.4
Exploits: 0 | References: 2
Huntr
added 2021/08/23 11:12 a.m. | 39 views

Code Injection in namelessmc/nameless

✍️ Description Code Injection is the general term for attack types which consist of injecting code that is then interpreted/executed by the application. This type of attack exploits poor handling of untrusted data. These types of attacks are usually made possible due to a lack of proper...

AI score: 1.3
Exploits: 0 | References: 2
Huntr
added 2021/08/23 8:37 a.m. | 10 views

Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin

✍️ Description The Import functionality in the application is vulnerable to CSRF attacks. 🕵️‍♂️ Proof of Concept history.pushState'', '', '/' 💥 Impact This vulnerability can let an attacker import data to the database without the knowledge/interaction of the user...

AI score: 3
Exploits: 0 | References: 1
Huntr
added 2021/08/23 8:33 a.m. | 15 views

Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin

✍️ Description The delete key functionality in the application is vulnerable to CSRF attack. 🕵️‍♂️ Proof of Concept history.pushState'', '', '/' 💥 Impact This vulnerability can let an attacker delete data from the database without the knowledge/interaction of the user...

AI score: 2.4
Exploits: 0 | References: 1
Huntr
added 2021/08/23 8:28 a.m. | 13 views

Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin

✍️ Description The Add Key functionality in the Application is vulnerable to CSRF attack. 🕵️‍♂️ Proof of Concept history.pushState'', '', '/' 💥 Impact This vulnerability can let an attacker add data to the database without the knowledge/interaction of the user. 📍 Location index.phpL1 📝 References...

AI score: 2.8
Exploits: 0 | References: 1
Huntr
added 2021/08/23 8:16 a.m. | 10 views

in erikdubbelboer/phpredisadmin

✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️‍♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...

AI score: 1.3
Exploits: 0 | References: 1
Huntr
added 2021/08/23 8:10 a.m. | 6 views

Cross-site Scripting (XSS) - Reflected in erikdubbelboer/phpredisadmin

✍️ Description The application is vulnerable to XFS attack. 🕵️‍♂️ Proof of Concept Navigate to https://domain.tld/phpRedisAdmin/?https://www.eia.gov/state/maps The page https://www.eia.gov/state/maps.php will be loaded in an iframe on the page. 💥 Impact Cross-Frame Scripting XFS is an attack that...

AI score: 0.8
Exploits: 0 | References: 1
Huntr
added 2021/08/22 9:2 p.m. | 10 views

Cross-site Scripting (XSS) - Stored in janeczku/calibre-web

💥 BUG stored xss via book description 💥 STEP TO REPRODUCE Let's say there are two users, Admin and user-B. user-B has edit permission in book. 1. Now go to user-B account and visit http://localhost:8083/admin/book/12 and edit the metadata. During edit put below xss payload in book Description field...

AI score: 0.7
Exploits: 0
Huntr
added 2021/08/21 4:45 p.m. | 11 views

SQL Injection in slackero/phpwcms

✍️ Description Data enters a program from an untrusted source 🕵️‍♂️ Proof of Concept if$result = mysqliquery$db, 'SELECT FROM '. $phpwcms"dbprepend" ? $phpwcms"dbprepend".'' : ''.'phpwcmsuser' 💥 Impact A successful attack may result in the unauthorized viewing of user lists, the deletion of entire...

AI score: 1.5
Exploits: 0
Huntr
added 2021/08/21 4:39 p.m. | 5 views

Cross-site Scripting (XSS) - Reflected in slackero/phpwcms

✍️ Description Reflected xss 🕵️‍♂️ Proof of Concept 'HTTP-REFERER: '.echoempty$ref ? 'unknown' : $ref; 💥 Impact xss bug...

AI score: 2.1
Exploits: 0
Huntr
added 2021/08/21 10:39 a.m. | 10 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in slackero/phpwcms

✍️ Description The secure flag is not set for PHPSESSID session cookie in the application. 🕵️‍♂️ Proof of Concept 💥 Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from...

AI score: 0.3
Exploits: 0 | References: 1
Huntr
added 2021/08/21 10:15 a.m. | 17 views

Sensitive Cookie Without 'HttpOnly' Flag in slackero/phpwcms

✍️ Description HTTPOnly attribute is not set for session cookies in the application. 🕵️‍♂️ Proof of Concept 💥 Impact When a cookie doesn’t have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS could lead to cookies being stolen. These include session cookies that can...

AI score: 0.6
Exploits: 0 | References: 1
Huntr
added 2021/08/20 4:23 p.m. | 4 views

Cross-Site Request Forgery (CSRF) in admidio/admidio

✍️ Description Attacker able to delete any Link with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...

AI score: 1.2
Exploits: 0
Huntr
added 2021/08/20 3:26 p.m. | 7 views

in cortezaproject/corteza-server

✍️ Description Hi team i found an Unrestricted File Upload on https://latest.cortezaproject.org/ which let me upload anything. File Extensions Such as .html , .svg and others should not be executed on the server side. 🕵️‍♂️ Proof of Concept Step to Reproduce 1- Go to the Employees tab and choose an...

AI score: 5.9
Exploits: 0
Huntr
added 2021/08/20 2:42 p.m. | 9 views

Cross-site Scripting (XSS) - Stored in cortezaproject/corteza-webapp-workflow

✍️ Description Stored Cross-Site Scripting XSS is the type of XSS when a user injects a malicious javascript code into the web application and it gets later rendered in victim browser. 🕵️‍♂️ Proof of Concept 1. Sign in to the application as admin 2. Go to workflows 3. Edit workflow and set the...

AI score: 1
Exploits: 0
Huntr
added 2021/08/20 7:14 a.m. | 16 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

✍️ Description Attacker able to set default currency with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

CVSS: 4.3 | AI score: 1.4 | EPSS: 0.00117
Exploits: 0
Huntr
added 2021/08/20 7:6 a.m. | 18 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

✍️ Description Attacker able to Remove budgeted amount with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

CVSS: 4.3 | AI score: 1.3 | EPSS: 0.00111
Exploits: 1
Huntr
added 2021/08/20 7:2 a.m. | 24 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

✍️ Description Attacker able to delete Total available budget with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In...

CVSS: 4.3 | AI score: 1.1 | EPSS: 0.00111
Exploits: 0
Huntr
added 2021/08/19 3:8 p.m. | 10 views

Cross-site Scripting (XSS) - Stored in slackero/phpwcms

✍️ Description Stored xss 🕵️‍♂️ Proof of Concept Plz check this 1 minute video https://drive.google.com/file/d/1ycKDrN3ot623c-iYTaJYFNCjxCXChNx1/view?usp=sharing 💥 Impact xss bug...

AI score: 0.6
Exploits: 0
Huntr
added 2021/08/19 2:8 p.m. | 6 views

Cross-site Scripting (XSS) - Stored in imran300/inventory

✍️ Description Stored xss bug using a xss payload in the product name when adding a new category in the product page. 🕵️‍♂️ Proof of Concept Go to http://localhost/inventory/index.php/Category/listcategory and click on add category and copy paste the following xss payload and paste it in the...

Exploits: 0
Huntr
added 2021/08/19 2:5 p.m. | 13 views

Cross-site Scripting (XSS) - Stored in imran300/inventory

✍️ Description Stored xss bug using a xss payload in the employee name when adding a new employee 🕵️‍♂️ Proof of Concept Goto http://localhost/inventory/employees/addemployee and click on add employee and copy paste the following xss payload and paste it in the EMP NAME javascript " Click on safe...

AI score: 0.2
Exploits: 0
Huntr
added 2021/08/17 8:33 p.m. | 9 views

Cross-Site Request Forgery (CSRF) in admidio/admidio

✍️ Description Attacker able to delete any folder with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks...

AI score: 1.1
Exploits: 0
Huntr
added 2021/08/17 8:29 p.m. | 6 views

Cross-Site Request Forgery (CSRF) in admidio/admidio

✍️ Description Attacker able to delete any event with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks i...

AI score: 0.9
Exploits: 0
Huntr
added 2021/08/17 8:25 p.m. | 8 views

Cross-Site Request Forgery (CSRF) in admidio/admidio

✍️ Description Attacker able to delete any Announcements with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

AI score: 1.1
Exploits: 0
Huntr
added 2021/08/17 8:19 p.m. | 6 views

Cross-Site Request Forgery (CSRF) in admidio/admidio

✍️ Description Attacker able to delete any album of a user with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

AI score: 1
Exploits: 0
Huntr
added 2021/08/17 8:14 p.m. | 13 views

Cross-Site Request Forgery (CSRF) in admidio/admidio

✍️ Description Attacker able to delete any photo of a user with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

AI score: 1.2
Exploits: 0
Huntr
added 2021/08/17 8:11 p.m. | 5 views

Cross-Site Request Forgery (CSRF) in admidio/admidio

✍️ Description Attacker able to unlock/lock any album with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

AI score: 0.9
Exploits: 0
Huntr
added 2021/08/17 8:4 p.m. | 11 views

Cross-Site Request Forgery (CSRF) in admidio/admidio

✍️ Description Attacker able to delete any File & Doc with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

AI score: 1.2
Exploits: 0
Huntr
added 2021/08/17 6:33 p.m. | 13 views

Cross-Site Request Forgery (CSRF) in leantime/leantime

✍️ Description CSRF on deleting a user. There is no token or anti csrf implemented. 🕵️‍♂️ Proof of Concept Create a .html file poc.html for example and copy paste the following code in it. Change localhost to ur domain or ip address. javascript CSRF PoC send this file to a admin when he opens the...

AI score: 7.2
Exploits: 0
Huntr
added 2021/08/17 6:14 p.m. | 11 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description Stored xss bug using a xss payload in the todo name when adding a todo item 🕵️‍♂️ Proof of Concept Goto http://localhost/tickets/showKanban and add a todo item and copy paste the following xss payload in the todo-name javascript " Click on safe and go to the My Timesheets tab and see...

AI score: 7
Exploits: 0
Huntr
added 2021/08/17 5:59 p.m. | 6 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description Stored xss bug using a xss payload in the Retrospectives Title when adding a new retrospective 🕵️‍♂️ Proof of Concept Goto http://localhost/retrospectives/showBoards and click on add more and copy paste the following xss payload in the title javascript " Click on safe and see the xss...

AI score: 7.1
Exploits: 0

Total number of security vulnerabilities: 4057