Home

Security Advisories

Security vulnerabilities discovered and responsibly disclosed to software vendors and organizations, with detailed technical analyses, mitigation guidance, and assigned CVEs where applicable.
Logo

CVE-2023-47622: Multiple Reflected Cross-Site Scripting Vulnerabilities in IT Service Management platform iTop

Reflected XSS in Combodo iTop's render endpoint allows arbitrary JavaScript execution via multiple query parameters.
April 15, 2024 · 2 min · 301 words · Martin Kubečka
Logo

CVE-2021-41434: Stored Cross-Site Scripting Vulnerability in Expense Management System by EGavilan Media

Stored XSS in EGavilan Media's Expense Management System allows arbitrary JavaScript execution via expense description.
June 24, 2022 · 1 min · 193 words · Martin Kubečka
Logo

CVE-2021-41433: Authentication Bypass in Resumes Management by EGavilan Media

Unauthenticated SQL injection vulnerability in EGavilan Media's Job App allows login bypass.
June 23, 2022 · 1 min · 186 words · Martin Kubečka
Logo

CVE-2021-41432: Stored Cross-Site Scripting Vulnerability in the Blog Content in FlatPress

Stored XSS vulnerability in FlatPress 1.2.1 allows arbitrary JavaScript execution via crafted post content.
June 22, 2022 · 2 min · 218 words · Martin Kubečka
Logo

CVE-2021-37413: Authentication Bypass in Content Management System Provided by GRANDCOM, s.r.o.

Unauthenticated SQL injection vulnerability in GRANDCOM CMS allows login bypass via crafted username.
July 1, 2021 · 1 min · 193 words · Martin Kubečka