The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the ...
May 23, 2022
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/. ...
May 23, 2022
The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server f ...
May 23, 2022
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user creden ...
May 23, 2022
The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered ...
May 23, 2022
Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers. ...
May 23, 2022
I found a CSRF vulnerability in the update cart functionality where there is no **csrf** token being validated while updating the cart as the authenticated user. **Vulnerable Request:** ``` POST /demo ...
May 23, 2022
Description: It was possible to confirm a single character of a user's password hash (just the hash, not the password) using a specially crafted regular expression filter in the users endpoint of th ...
May 23, 2022