The Chrome New Tab Page was vulnerable to a stored cross-site scripting attack in the search suggestion box.
When purchasing coins for Reddit on Android there is a call to a `/verify_purchase` endpoint which is vulnerable to a race condition. The idea being that this endpoint, being provided some of the transaction information, would validate it and give the coins to the purchaser; however, there is a problem when handling multiple concurrent requests to the endpoint...
An unauthenticated file read in GoCD's Business Continuity Addon (installed and enabled by default) due to a change in configuration that exposed the add-on to unauthenticated users.
Mermaid is a markdown-like syntax for generating flowcharts and is supported by GitLab's markdown parser. The Mermaid parser itself can be provided various configuration options at initialization time, and then some of those can be overloaded by inline directives...
Discourse exposes a webhook that takes a user-provided "subscribe URL" and passes it into `open()` unsanitized. Due to Discourse being written in Ruby, it's possible to get command execution via the subscribe URL by way of the pipeline operator...
It is possible for a malicious website to associate a visitor with a known Slack account. The attack relies on a difference in behavior when accessing a file with and without permission, and the ability to share a file with specific users...
The gist here is that One-Time-Password brute-force prevention was based on IPs, so using IP rotation could get around that.
Reddit had an issue in associating transactions and order information. If you initiated a coin purchase for, say, $1.99, the order will be created and the order ID can be obtained...
A simple bug in how MySQL deals with the `e` scientific notation for numbers (1.1e5 for 110000 as an example) could be abused to bypass various Web-Application Firewalls (WAF). The bug being that the lack of any number following the `e` would result in the term being stripped from the query and nothing being put in its place...
Websockets have always been a little bit special when it comes to security considerations; they are a newer technology and the security concerns are often not well understood. Websocket Hijacking tends to occur because websocket connections are not protected by the usual Same-Origin-Policy (SOP) that more traditional resources would be, so malicious websites can by default connect to a foreign websocket using a victim's cookies (assuming `SameSite` is not at play).