owasp

GIS3W: Persistent XSS in G3WSuite 3.5 – CVE-2023-29998

Overview

During an engagement on a client's public infrastructure, we detected an exposed installation of G3WSuite. Since we were asked to perform a black box pentest on the G3WSuite installation, we had to find a way to gather as much information about the target as possible. Luckily for us,...

Vade Secure Gateway Multiple XSS (CVE-2023-29712, CVE-2023-29713, CVE-2023-29714)

Vade Secure Gateway

During a penetration test, several reflected cross-site scripting (XSS) vulnerabilities were found in an application developed by the French company Vade Secure. The vulnerable application is Vade Secure Gateway, an email box scanning and processing tool for spam removal that can be managed via a web page. Once we identified the...