A Pressbooks stored cross site scripting vulnerability was discovered in all version ≤ 5.17.3. The application is vulnerable to Stored Cross-Site Scripting (XSS) injections via description body. An attacker can thus trick a user into clicking on a malicious link or...
We discovered a stored cross site scripting (XSS) vulnerability on Vera, a platform for online proofing and custom workflows used in the printing industry. An authenticated user could leverage the last name field in the User module of the system to execute a stored...
A few weeks ago, we released a blogpost about an authenticated RCE we found in Pulse Connect Secure (CVE-2020-8218). In that post, we mentioned that we discovered more vulnerabilities. Four vulnerabilities were discovered on Pulse Secure Connect, a VPN (Virtual...
Update: A new blog post has been published as a follow up to this article : ESI Part 2: Abusing specific implementations. Abusing Caching Servers into SSRF and Client-Side Attacks While conducting a security assessment, we noticed an unexpected behavior in the...
As a follow-up to the conference given at Confoo a few weeks ago, we are doing a focus article on the same topic. The presentation was giving an overview of the modern XSS attack vectors and filter bypass. In this blog post, we will take a closer look at XSS in...
FR
