Aurelia is one of many JavaScript frameworks available for front-end developers. Although nowadays, it is not as popular as Angular or React, its user base is not negligible: It has more than 11,000 stars and over a hundred contributors on its GitHub page. However, if...
A Pressbooks stored cross site scripting vulnerability was discovered in all version ≤ 5.17.3. The application is vulnerable to Stored Cross-Site Scripting (XSS) injections via description body. An attacker can thus trick a user into clicking on a malicious link or...
We discovered a stored cross site scripting (XSS) vulnerability on Vera, a platform for online proofing and custom workflows used in the printing industry. An authenticated user could leverage the last name field in the User module of the system to execute a stored...
A few weeks ago, we released a blogpost about an authenticated RCE we found in Pulse Connect Secure (CVE-2020-8218). In that post, we mentioned that we discovered more vulnerabilities. Four vulnerabilities were discovered on Pulse Secure Connect, a VPN (Virtual...
Update: A new blog post has been published as a follow up to this article : ESI Part 2: Abusing specific implementations. Abusing Caching Servers into SSRF and Client-Side Attacks While conducting a security assessment, we noticed an unexpected behavior in the...