In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the #token=$ssid hash when making a request to the /verify endpoint. An attacker team could potentially steal flags by, for example, exploiting a stored XSS payload in a CTF challenge so that victim...
6.5CVSS
6.2AI Score
0.001EPSS
Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. To exploit the vulnerability, one must register with a username identical to the victim's...
9.8CVSS
9.5AI Score
0.002EPSS