Server-Side Request Forgery (SSRF) in the AppSheet product, a "no-code" application generator acquired by Google. One feature is that a web-hook can be executed in response to supported events...
A fairly weak vulnerability on its own: the URL of a remote stylesheet had only minimal domain validation, which was easily bypassed, allowing an attacker to load their own stylesheets. It is a fun issue to have, however, as this can allow exfiltrating page content and potentially sensitive information such as CSRF tokens, which could then be used in a more complicated attack.
URL validation vulnerabilities leading to server side request forgery (SSRF) on an internal Google endpoint. The original whitelist bypass was to use a `\@` in the domain:
Missing, or perhaps insufficient, authentication checks on the `/users/create_admin` endpoint allowed any user (even one not logged in) to create a new administrative account and gain full admin privileges within the Stocky app.
Prototype pollution through a Mermaid diagram embedded in markdown leading to stored XSS.
The root issue is that WebKit violates the specification for Content-Security-Policy (CSP) violation reports, leaking the destination of a violating redirect rather than the origin in the `documentURI` field of the report.
Even if a Shopify blog was private and required a password, the post titles and a preview of the content would still be published in the globally accessible Atom feed.
StreamLabs would normally only redirect to a set of whitelisted domains approved to receive the `access_token`. The author here put some effort into discovering which domains were approved, and found that `http://dragynslair.live` was whitelisted but no longer registered...
The Chrome New Tab Page was vulnerable to a stored cross-site scripting attack in the search suggestion box.
Mermaid is a markdown-like syntax for generating flowcharts and is supported by GitLab's markdown parser. The Mermaid parser itself can be provided various configuration options at initialization time, and some of those can then be overridden by inline directives...