Security vulnerabilities discovered and responsibly disclosed to software vendors and organizations, with detailed technical analyses, mitigation guidance, and assigned CVEs where applicable.
CVE-2025-56683: DOM-based Cross-Site Scripting Leading to Remote Code Execution in Logseq Application
A DOM-based XSS vulnerability in Logseq version 0.10.9 allows Remote Code Execution by injecting malicious JavaScript through unsanitized plugin README content combined with insufficient protocol validation.
CVE-2023-47622: Multiple Reflected Cross-Site Scripting Vulnerabilities in IT Service Management Platform iTop
Reflected XSS vulnerability in multiple query parameters of Combodo iTop’s render endpoint allows JavaScript injection and execution.
CVE-2021-41433: Authentication Bypass in Resumes Management by EGavilan Media
SQL injection vulnerability in EGavilan Media's Resumes Management and Job application allows unauthenticated attackers to bypass login authentication.
CVE-2021-41432: Stored Cross-Site Scripting Vulnerability in the Blog Content in FlatPress
Stored XSS vulnerability in FlatPress 1.2.1 allows arbitrary JavaScript execution via crafted post content.
CVE-2021-41434: Stored Cross-Site Scripting Vulnerability in Expense Management System by EGavilan Media
Stored XSS vulnerability in Expense Management System 1.0 allows arbitrary JavaScript execution via expense description input.
CVE-2021-37413: Authentication Bypass in Content Management System Provided by GRANDCOM, s.r.o.
Unauthenticated SQL injection vulnerability in GRANDCOM CMS allows login bypass via crafted username.