Advisories

Publicly disclosed vulnerabilities discovered by Fluid Attacks Research Team.

Severity 8

MonicaHQ 4.0.4 - Client Side Template Injection

CVE-2023-1031, CVE-2023-1094, CVE-2023-30787, CVE-2023-30788, CVE-2023-30789, CVE-2023-30790

Published: 2023-04-17 12:00 COT

Discovered by Lautaro Casanova

Severity 8

Bhima 1.27.0 - Privilege Escalation via CSRF

CVE-2023-0959

Published: 2023-04-10 12:00 COT

Discovered by Carlos Bello

Severity 7.3

OrangeScrum 2.0.11 - Reflected XSS via imgName

CVE-2023-0738

Published: 2023-04-10 12:00 COT

Discovered by Carlos Bello

Severity 6.5

Bhima 1.27.0 - Sensitive Information Disclosure via IDOR

CVE-2023-0967

Published: 2023-04-10 12:00 COT

Discovered by Carlos Bello

Severity 7.3

xml2js 0.4.23 - Prototype Pollution

CVE-2023-0842

Published: 2023-04-10 12:00 COT

Discovered by Carlos Bello

Severity 7.1

Helpy 2.8.0 - Stored Cross-Site Scripting

CVE-2023-0357

Published: 2023-04-10 12:00 COT

Discovered by Carlos Bello

Severity 7.5

markdown-pdf 11.0.0 - Local File Read via Server Side XSS

CVE-2023-0835

Published: 2023-04-10 12:00 COT

Discovered by Carlos Bello

Severity 9.1

Ulearn a5a7ca20de859051ea0470542844980a66dfc05d - RCE

CVE-2023-0670

Published: 2023-04-10 12:00 COT

Discovered by Carlos Bello

Severity 6.5

VitalPBX 3.2.3-8 - Account Takeover via CSRF

CVE-2023-0480

Published: 2023-04-10 12:00 COT

Discovered by Carlos Bello

For more information, you can read our Disclosure Policy.
