Polina Voronina’s Post

Data Analyst Risk Management by Rabobank

Finally got my first two CVE numbers approved!

CVE-2020-7051 [Type: Stored Cross-Site Scripting, Product: Codelogic Codoforum, Version: 4.8.4]
CVE-2020-7050 [Type: DOM-Based Cross-Site Scripting, Product: Codelogic Codoforum, Version: 4.8.4]

It was possible to inject JavaScript code in a new thread poll, and as there was no HttpOnly on the session cookie, it was possible to take over the account of any user/admin that would read the new thread posted.

https://lnkd.in/duPYa7u

#cve #pentest #informationsecurity

Discovered by: Polina Voronina, Jan 15, 2020

Quincy Meijer

Marketing- en Communicatieadviseur at Ultimum ★★

3y

Very Nice!💪🏼

Mihai Cristian Ilie

Actuarial Assistant Manager

3y

Nice job, Polina👌🏻
