-
Recently I reported a CSV Injection Vulnerability to a Program on Bugcrowd, but they changed the State of the Report to **Won't Fix** as per the [Bugcrowd Vulnerability Rating Taxonomy](https://bugcrow…
-
I tried out this plugin today and it worked great. Thank you for developing it.
Background: I was going to use the buildkite provided plugin, but really like the feature to separate my types of te…
-
1. Atlassian --> Bad detection string.
2. Basecamp --> Bad detection code and string. Received Code: 404; Expected Code: 200.
3. Bugcrowd --> Bad detection string.
4. Garmin connect --> Bad detecti…
-
Recently, I've seen open redirects also being re-submitted as "off-domain" XSS via data urls. I believe it should be re-evaluated as a vulnerability since it does not exist on modern browsers. In fact…
-
Should it be marked as N/A in the first place, or should it be sent to the programs team to decide what to do with it?
-
I'd like this added as a category, it's a point of confusion (maybe because it's not a web bug)
In some circumstances it's been possible to write into thick client app folders as a least privilege…
-
As discussed in #127 it was decided to keep current P3 severity rating of `Broken Authentication and Session Management` > `Weak Login Function` > `Over HTTP`. However the discussion provoked a more i…
-
>XSS (admin -> anyone why is this a p3 vs a p4?
>If you already have admin…
\- https://twitter.com/jcran/status/999693045682454528
jcran updated
6 years ago
-
Some P3 reports that I think we should take a closer look at.
**[P3] Server Security Misconfiguration No Rate Limiting on Form Login**
Suggest to downgrade this one to a P4 at best perhaps even a …
-
External Authentication Injection issues are mainly exploited for phishing and the impact is rather on user trust than direct product security. Furthermore, all major browsers (latest versions) mitiga…