Category - API Security Blog

aktivkriete.de Cross Site Scripting vulnerability OBB-2688030

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147]()** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...

27 июня, 2022

alehaaner-oa.de Cross Site Scripting vulnerability OBB-2688076

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147]()** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...

27 июня, 2022

albmesser.de Cross Site Scripting vulnerability OBB-2688068

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147]()** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...

27 июня, 2022

bluray-disc.de Cross Site Scripting vulnerability OBB-2688061

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147]()** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...

27 июня, 2022

alarm-kuhbier.de Cross Site Scripting vulnerability OBB-2688055

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147]()** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...

27 июня, 2022

Mailhog 1.0.1 Cross Site Scripting

Post ContentRead More ...

27 июня, 2022

WSO2 Management Console Cross Site Scripting

Post ContentRead More ...

27 июня, 2022

Cloudflare Public Bug Bounty: Sign in with Apple generates long-life JWTs, seemingly irrevocable, that grant immediate access to accounts

The OIDC JWT token issued on a new Sign in with Apple ID to the Cloudflare Dashboard had an excessive lifetime. When intercepted by a malicious actor, it enabled impersonation of the affected user on ...

27 июня, 2022