social engineering

Vade Secure Gateway Multiple XSS (CVE-2023-29712, CVE-2023-29713, CVE-2023-29714)

Vade Secure Gateway

During a penetration test activity, several reflected cross-site scripting (XSS) vulnerabilities were found on an application developed by the French Company Vade Secure. The vulnerable application is Vade Secure Gateway which is an email box scanning and processing tool for spam removal that can be managed via a web page. Once we identified the...