The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with acces ...
Continue ReadingAugust 02, 2023
External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly ...
Continue ReadingAugust 02, 2023
The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted ne ...
Continue ReadingAugust 02, 2023
The "upsell" widget for the portal allows to specify a product description. This description taken from a user-controllable jslob did not get escaped before being added to DOM. Malicious script code c ...
Continue ReadingAugust 02, 2023
The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims context. This can lead to session hijac ...
Continue ReadingAugust 02, 2023
Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147]()** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...
Continue ReadingAugust 02, 2023
Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147]()** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...
Continue ReadingAugust 02, 2023
Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147]()** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...
Continue ReadingAugust 02, 2023
Back to Main