Finally got my first two CVE numbers approved!

CVE-2020-7051 [Type: Stored Cross-Site Scripting, Product: Codelogic Codoforum, Version: 4.8.4]
CVE-2020-7050 [Type: DOM-Based Cross-Site Scripting, Product: Codelogic Codoforum, Version: 4.8.4]

It was possible to inject JavaScript code in a new thread poll, and as there was no HttpOnly on the session cookie, it was possible to take over the account of any user/admin that would read the new thread posted.

https://lnkd.in/duPYa7u #cve #pentest #informationsecurity
Nice job, Polina👌🏻
Very Nice!💪🏼