Log in
English

Advisories

Publicly disclosed vulnerabilities discovered by Fluid Attacks Research Team.

Severity 8

MonicaHQ 4.0.4 - Client Side Template Injection

CVE-2023-1031,CVE-2023-1094,CVE-2023-30787,CVE-2023-30788,CVE-2023-30789,CVE-2023-30790

Published: 2023-04-17 12:00 COT

Discovered by Lautaro Casanova

Severity 8

Bhima 1.27.0 - Privilege Escalation via CSRF

CVE-2023-0959

Published: 2023-04-10 12:00 COT

Discovered by Carlos Bello

Severity 7.3

OrangeScrum 2.0.11 - Reflected XSS via imgName

CVE-2023-0738

Published: 2023-04-10 12:00 COT

Discovered by Carlos Bello

Severity 6.5

Bhima 1.27.0 - Sensitive Information Disclosure via IDOR

CVE-2023-0967

Published: 2023-04-10 12:00 COT

Discovered by Carlos Bello

Severity 7.3

xml2js 0.4.23 - Prototype Pollution

CVE-2023-0842

Published: 2023-04-10 12:00 COT

Discovered by Carlos Bello

Severity 7.1

Helpy 2.8.0 - Stored Cross-Site Scripting

CVE-2023-0357

Published: 2023-04-10 12:00 COT

Discovered by Carlos Bello

Severity 7.5

markdown-pdf 11.0.0 - Local File Read via Server Side XSS

CVE-2023-0835

Published: 2023-04-10 12:00 COT

Discovered by Carlos Bello

Severity 9.1

Ulearn a5a7ca20de859051ea0470542844980a66dfc05d - RCE

CVE-2023-0670

Published: 2023-04-10 12:00 COT

Discovered by Carlos Bello

Severity 6.5

VitalPBX 3.2.3-8 - Account Takeover via CSRF

CVE-2023-0480

Published: 2023-04-10 12:00 COT

Discovered by Carlos Bello

For more information, you can read our Disclosure Policy

Service

Continuous Hacking

Platform overview

Solutions

Application security

Compliance

Systems

Testing Techniques

SAST

DAST

MPT

MAST

SCA

CSPM

ARM

PTaaS

RE

Plans

Machine

Squad

Resources

Blog

Advisories

Clients

Downloadables

Documentation

Company

About us

Certifications

Partners

Careers

Contact us

Fluid Logo Footer

Hacking software for over 20 years

Fluid Attacks tests applications and other systems, covering all software development stages. Our team assists clients in quickly identifying and managing vulnerabilities to reduce the risk of incidents and deploy secure technology.

Copyright © 0 Fluid Attacks. We hack your software. All rights reserved.

Service status

Terms of use

Privacy policy

Cookie policy