Advisories

Publicly disclosed vulnerabilities discovered by the Fluid Attacks Research Team.

Severity 8.1

OrangeScrum 2.0.11 - Arbitrary File Delete via file_name

CVE-2023-0454

Published: 2023-01-30 12:00 COT

Discovered by Carlos Bello

Severity 9.9

OrangeScrum 2.0.11 - OS Command Injection via projuniqid

CVE-2023-0164

Published: 2023-01-16 12:00 COT

Discovered by Carlos Bello

Severity 6

RushBet 2022.23.1-b490616d - Universal XSS

CVE-2022-4235

Published: 2023-01-10 09:00 COT

Discovered by Carlos Bello

Severity 8.8

Microweber 1.3.1 - DOM XSS to Account Takeover

CVE-2022-0698

Published: 2022-11-29 10:00 COT

Discovered by Carlos Bello

Severity 10

Tiny File Manager 2.4.8 - Remote Command Execution

CVE-2022-23044, CVE-2022-45475, CVE-2022-45476

Published: 2022-11-21 14:00 COT

Discovered by Carlos Bello

Severity 7.5

Browsershot 3.57.3 - Server Side XSS to LFR via HTML

CVE-2022-43984

Published: 2022-11-21 13:00 COT

Discovered by Carlos Bello

Severity 4.3

Frappe 14.10.0 - Local File Read

CVE-2022-41712

Published: 2022-11-21 12:00 COT

Discovered by Carlos Bello

Severity 10

Badaso 2.6.3 - Remote Command Execution

CVE-2022-41705

Published: 2022-11-16 11:00 COT

Discovered by Carlos Bello

Severity 7.3

deep-object-diff 1.1.0 - Prototype Pollution

CVE-2022-41713

Published: 2022-11-15 09:00 COT

Discovered by Carlos Bello

For more information, you can read our Disclosure Policy.