EasyAppointments 1.5.0 | Authenticated Stored XSS on Legal Settings Page

The [/index.php/legal_settings] endpoint has three fields where you can insert custom policies, such as a cookie policy.
The problem is that the code entered here is executed whenever the page loads; most editors only run the code when it's displayed, not when it's being modified bu .....

Posted on: January 11, 2025 12:06 AM

EasyAppointments 1.5.0 | Admin Login bruteforce rate limit bypass

The admin panel [/index.php/login/validate] endpoint is vulnerable to brute force. By default the application relies on server-side rate limiting, but this can easily be bypassed by sleeping between every 8 password attempts.

Posted on: January 10, 2025 11:58 PM

Vvveb 1.0.5 | Authenticated site-wide silent XSS

The endpoint at [/vadmin123/index.php?module=settings/post-types] is vulnerable to XSS. When a payload is applied here, it makes the whole site and every endpoint accessed through [/vadmin123/] vulnerable to attack.
This vulnerability can be exploited as long as you .....

Posted on: January 10, 2025 11:28 PM

Vvveb 1.0.5 | Authenticated file read as an editor

The endpoint at [/vadmin123/index.php?module=editor/editor&url=/&template=index.html] is vulnerable to file read. The vulnerability allows you to read old Vvveb files left behind by a previous Vvveb version.
Its current severity is low because I wasn't able .....

Posted on: January 10, 2025 11:22 PM

Vvveb 1.0.5 | Authenticated SSRF port scanning as an editor

The endpoint [/vadmin123/?module=editor/editor&name=] is used for modifying a page with a drag-and-drop editor.
The issue is that an attacker can pass an arbitrary URL, which the web app will then attempt to load. This can be used to perform Server-Side Request Forgery (SSR .....

Posted on: January 10, 2025 10:59 PM

Vvveb 1.0.5 | Unvalidated Plugin Editing Allows Privilege Abuse and RCE

Admins can modify the code of plugins and run it, with no validation in place to prevent malicious code execution. An authenticated admin can modify plugins through this endpoint: [/vadmin123/index.php?module=editor/code&type=plugins].

Through this endpoint, you c .....

Posted on: January 10, 2025 10:55 PM

Vvveb 1.0.5 | Authenticated Stored XSS on uploading image in posts & pages

The endpoints at [/vadmin123/index.php?module=content/post&type=post] and [/vadmin123/index.php?module=content/posts&type=page] are vulnerable to XSS: an attacker can trigger it by uploading a malicious SVG image payload as “Featured Media”.
The payload can be trigger .....

Posted on: January 10, 2025 10:48 PM

Vvveb 1.0.5 | Authenticated Stored XSS on creating posts & pages

The endpoints at [/vadmin123/index.php?module=content/post&type=post] and [/vadmin123/index.php?module=content/posts&type=page] are vulnerable to XSS: an attacker can trigger it by injecting malicious code into the slug parameter.
The payload can be triggered by editing .....

Posted on: January 10, 2025 10:36 PM

Vvveb 1.0.5 | User account bruteforce

The user login endpoint located at /user/login is vulnerable to brute force because there is no rate-limiting protection.

Posted on: January 10, 2025 09:25 PM

Vvveb 1.0.5 | Admin password bruteforce

Vvveb can be configured with a custom path for the admin panel; in my case the admin panel can be accessed at the following endpoint:
/vadmin123
This endpoint is vulnerable because there is no rate limiting in the core of Vvveb.

Posted on: January 10, 2025 09:17 PM

Fuel CMS 1.5.2 | Stored XSS in block preview

Fuel CMS 1.5.2 uses a text editor for publishing pages and creating blocks. This editor has a preview feature that allows a moderator/admin to preview a post before publishing it.
This feature is vulnerable to XSS because if a user embeds malicious JavaScript, it gets executed once .....

Posted on: January 10, 2025 08:29 PM

ezBookkeeping 0.7.0 - 2FA backup code bruteforce

The application allows users to set up Two-Factor Authentication through the following page:
http://10.0.0.94/desktop#/user/settings?tab=twoFactorSetting

Additionally, users can also use backup codes as an alternative way to log in when they don't have access to their .....

Posted on: January 01, 2025 10:36 AM

ezBookkeeping 0.7.0 - Login Bruteforce

The login endpoint at /api/authorize.json is vulnerable to brute-forcing of both the username and the password.
There is no rate-limit protection or CAPTCHA, and the application is vulnerable to this attack in its default configuration.

Posted on: January 01, 2025 10:03 AM
