CraftCMS Zero-day Chain: XSS to SSTI triggering RCE
Public Disclosure of CVE-2021-27902 and CVE-2021-27903
July 29, 2021 ◦ 14 min ◦ Security
#CraftCMS #XSS #SSTI #RCE #bug bounty #stored cross site scripting #server side template injection #remote code execution #CVE-2021-27902 #CVE-2021-27903

Relative Path Traversal in Flarum using fake OAuth Provider
June 11, 2021 ◦ 1 min ◦ Security
#path traversal #Flarum #Huntr #bug bounty #OAuth Provider

XSS in Unified Transform (A school management software)
May 18, 2021 ◦ 1 min ◦ Security
#cross site scripting #Unified Transform #Huntr #bug bounty #stored cross site scripting #school management software #account takeover

Stored Cross Site Scripting in October CMS
April 3, 2021 ◦ 1 min ◦ Security
#cross site scripting #October CMS #Huntr #bug bounty #stored cross site scripting

Cross Site Scripting in digidocu
March 30, 2021 ◦ 1 min ◦ Security
#cross site scripting #digidocu #Huntr #bug bounty #stored xss

Internal IP Address leak in Misconfigured WordPress to bypass WAF
December 27, 2020 ◦ 3 min ◦ Security
#wordpress #web application firewall #cloudflare #ip address disclosure #open redirect #wp_safe_redirect #wp_validate_redirect #wp_redirect #wp_home #wp_siteurl