lpi1.bsky.social
@lpi1.bsky.social
All bugs are in "AEM Forms", probably not deployed by default with all AEM instances.
October 16, 2025 at 11:59 AM
I hope it's gonna be a fortinet zeroday, I'd like to see De Niro do /../ and then bypass the fix with /..;/
December 24, 2024 at 7:26 AM
Nice, would be a quite good impact if the target also has an official account here.
November 22, 2024 at 8:53 AM
They should start getting CVEs 🙃
November 15, 2024 at 10:07 AM
The question I often face handling that kind of bug is whether having to target a specific user (admin) with social engineering would make the attack complexity High or is User interaction "required" enough here to have a realistic CVSS score.
November 15, 2024 at 10:00 AM
In my opinion PR is None as it is a reflected XSS, the attacker does not need privileges to craft the payload and send it to an admin.
November 15, 2024 at 9:56 AM