Skip to content

Vulnerabilities discovered in my spare time as a bounty hunter...

Notifications You must be signed in to change notification settings

msegoviag/discovered-vulnerabilities

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 

Repository files navigation

Vulnerabilities discovered and reported

ChatGPT (OpenAI) ChatGPT

A Cross-Site Scripting (XSS) vulnerability via Prompt Injection has been discovered in the OpenAI chat platform. An attacker can exploit this vulnerability to execute JavaScript code in a user's browser by causing the chatbot to interpret a Markdown syntax, resulting in the injection of a malicious hyperlink that redirects to document.cookie and allows the attacker to view the cookie in an alert.

Reported and indexed by:

Packet Storm

Vulners

BugCrowd: Presence in the Bug Bounty Hall of Fame programme organised by OpenAI for discovering 6 vulnerabilities in ChatGPT and *.openai.com

NASA NASA

BugCrowd: Presence in the Bug Bounty Hall of Fame programme organised by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program for discovering 7 vulnerabilities in NASA and *.nasa.gov.

Department of the Treasury Departament Of The Treasury

BugCrowd: Presence in the Bug Bounty Hall of Fame programme organised by Department of the Treasury: Vulnerability Disclosure Program for discovering 4 vulnerabilities.

Flask-AppBuilder Flask-AppBuilder

An authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row including the pbkdf2:sha256 hashed password.

https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-jhpr-j7cq-3jp3

CVE-2023-34110

https://nvd.nist.gov/vuln/detail/CVE-2023-34110

https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2023-34110

https://vuldb.com/es/?id.232202

Chamilo LMS Chamilo LMS

Chamilo 1.11.x allows a user to add XSS to his/her own profile on the social network. If the "skype" and "linkedin_url" fields are enabled (they are by default) or if other text-type fields are added, these can be used by a user to target other users looking at his/her profile on the social network. This requires befriending the attacker first or viewing the profile as an administrator (so it could be used to XSS the admin). It requires a normal user account, so not available to anonymous users.
Reported by: Miguel Segovia

Reported and indexed by:

  • CVE-2023-31799
  • CVE-2023-31800
  • CVE-2023-31801
  • CVE-2023-31802
  • CVE-2023-31803
  • CVE-2023-31804
  • CVE-2023-31805
  • CVE-2023-31806
  • CVE-2023-31807

Chamilo Issue "#104" - 2023-04-11 - Moderate impact, High risk - XSS in personal profile

Chamilo Issue "#103" - 2023-04-11 - Low impact, Moderate risk - XSS in "My progress" tab

Chamilo Issue "#102" - 2023-04-11 - Low impact, Moderate risk - XSS in forum titles

Chamilo Issue "#101" - 2023-04-11 - Low impact, Low risk - XSS in personal notes and teacher notes

Chamilo Issue "#100" - 2023-04-11 - Low impact, Low risk - XSS in resources sequencing

Chamilo Issue "#99" - 2023-04-11 - Low impact, Low risk - XSS in system announcements

Chamilo Issue "#98" - 2023-04-11 - Low impact, Low risk - XSS in homepage edition

Chamilo Issue "#97" - 2023-04-11 - Low impact, High risk - XSS in skills wheel

Chamilo Issue "#96" - 2023-04-06 - Low impact, Moderate risk - XSS in course categories

About

Vulnerabilities discovered in my spare time as a bounty hunter...

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published