First exploit found: XSS (Cross Site Scripting)
Summary for exploit 1:
- The types / classes of vulnerabilities involved and any related CVE identifiers
- The vulnerability type is XSS.
- The CVE Identifier is: CVE-2020-11030
- Identify affected versions and patches
- The affected versions and patches are for versions 4.2.2 or older versions. Newer versions are fixed.
- Links to the source code, where possible
- Steps to recreate:
- Enter given command on a newly created page, and hover over and you will see an assert. Follow gif if needed.
Second exploit found: XSS (Cross Site Scripting)
Summary for exploit 2:
- A small writeup indicating the steps you used to recreate
- The types / classes of vulnerabilities involved and any related CVE identifiers
- The vulnerability type is XSS.
- The CVE Identifier is: CVE-2019-16223
- Identify affected versions and patches
- The affected versions and patches are for versions 4.2 or older versions. Newer versions are fixed.
- Links to the source code, where possible
- Steps to recreate:
- Enter given command on a newly created post, and hover over and you will see an assert. Follow gif if needed.
Third exploit found: XSS (Cross Site Scripting)
Summary for exploit 3:
- The types / classes of vulnerabilities involved and any related CVE identifiers
- The vulnerability type is XSS.
- The CVE Identifier is: CVE-2019-16223
- Identify affected versions and patches
- The affected versions and patches are for versions 4.2 or older versions. Newer versions are fixed.
- Links to the source code, where possible
- Steps to recreate:
- Enter given command on a newly created post, and hover over and you will see an assert. Follow gif if needed.
Fourth exploit found: User Enumeration
Summary for exploit 4:
- The types / classes of vulnerabilities involved and any related CVE identifiers
- The vulnerability type is User Enumeration.
- The CVE Identifier is: N/A. Most relevant: CVE-2020-35539
- Identify affected versions and patches
- The affected versions and patches are for versions 4.2 or older versions. Newer versions are fixed.
- Links to the source code, where possible
- Steps to recreate:
- Go to login screen, enter a valid username and incorrect password and it will say the username is valid. Follow gif if needed.