When auditing a MailChimp client for Cobalt.io I noticed that this company suffers from a Reflected File Download vulnerability that could be exploited only by […]
Multiple vulns on mTouch Quiz WordPress plugin
Plugin link: https://wordpress.org/plugins/mtouch-quiz/
Active Installs: 5,000+
Version tested: 3.1.2
CVE Reference: Waiting
mTouch Quiz lets you add quizzes to your site. This plugin was designed […]
XSS on an input hidden field
…where you have the input sanitized for ‘<> chars. I came across a web application on a bounty program where the returnurl was placed in […]
Workable Reflected File Download
For those who don’t know Workable.com… Workable is affordable, usable hiring software. It replaces email and spreadsheets with an applicant tracking system that your team […]