ahpaleus
_Severity: High_ Reflected XSS occurs when an application includes untrusted data in the HTML response sent to the user’s browser. In this case, the provided `/admin%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E/admin/login` or `/settings/mfa/delete/` API calls...
_Severity: Low_ Multiple parsing functions do not validate whether their input values are nil before attempting to access elements, which can lead to a panic (index out of range). Panics...
_Severity: Medium_ By manipulating the X-Forwarded-For header, an attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if...
_Severity: Medium_ An XSS vulnerability can be triggered by rewriting the Referer header. Although the Referer header is sanitized by escaping some characters that can allow XSS (e.g., [&], [],...
When a logged-in user clicks on a specially crafted link with a `redirect_url` parameter, the user can be redirected to an external website. The user must take an action, such...
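The fix this finding implies, shown as an added Go example and not as caddy-security code: `redirect_url` is accepted only when it parses as an absolute path on the same origin, and everything else falls back to `/`. The `safeRedirect` helper and the `loginHandler` call site are hypothetical; the parameter name `redirect_url` is the one from the finding.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// safeRedirect returns raw if it is a relative, same-origin path and fallback
// otherwise. It is deliberately strict: an open redirect needs only one accepted
// spelling of an absolute URL, and browsers accept several that a plain
// url.Parse check would not flag (backslashes, protocol-relative paths,
// a scheme without slashes).
func safeRedirect(raw, fallback string) string {
	if raw == "" {
		return fallback
	}
	// Browsers treat "\" like "/", and CR/LF could split the Location header.
	if strings.ContainsAny(raw, "\\\x00\r\n") {
		return fallback
	}
	u, err := url.Parse(raw)
	if err != nil {
		return fallback
	}
	// Any scheme, authority or opaque part means "somewhere else":
	// "https://evil", "//evil", "https:evil", "javascript:alert(1)".
	if u.Scheme != "" || u.Opaque != "" || u.Host != "" || u.User != nil {
		return fallback
	}
	// Must be an absolute path on this origin; a decoded "//" prefix would
	// again be read as an authority by some clients.
	if !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") {
		return fallback
	}
	return u.String() // path, query and fragment only
}

// loginHandler shows the call site: the target still comes from the query
// string as in the finding, but only a vetted value reaches Location.
func loginHandler(w http.ResponseWriter, r *http.Request) {
	// credential check elided for the example
	target := safeRedirect(r.URL.Query().Get("redirect_url"), "/")
	http.Redirect(w, r, target, http.StatusFound)
}

func main() {
	for _, in := range []string{"/settings/mfa?tab=1", "//evil.example/", "https:evil.example", "/\\evil.example"} {
		fmt.Printf("%-22q -> %q\n", in, safeRedirect(in, "/"))
	}
}
```

Where the set of post-login destinations is small, an allow-list of known paths is stricter still; the parser-based check above is for applications that need to return users to arbitrary pages of their own.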
_Severity: Medium_ The caddy-security plugin processes the X-Forwarded-Host header, which could lead to various security vulnerabilities (web cache poisoning, business logic flaws, routing-based server-side request forgery [SSRF], and classic server-side...
_Severity: Low_ The processing of the X-Forwarded-Proto header results in redirection to the injected protocol. While this scenario may have limited impact, improper handling of such headers could result in...
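The three forwarded-header findings above (X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Proto) share one root cause: the headers are honoured no matter who sent them. The following Go example, added here and not taken from caddy-security, puts the vulnerable first-hop pattern next to a version that only honours these headers when the TCP peer is one of the configured proxies, takes the rightmost untrusted hop from `X-Forwarded-For`, restricts `X-Forwarded-Proto` to `http`/`https`, and checks `X-Forwarded-Host` against an allow-list of names the service really serves. The proxy ranges, hostnames and function names are constructed for the example.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// Constructed configuration for this example: the networks our own reverse
// proxies connect from, and the hostnames the service is really served under.
var (
	trustedProxies = []string{"10.0.0.0/8", "127.0.0.0/8"}
	publicHosts    = map[string]bool{"auth.example.com": true}
)

func isTrustedProxy(ipStr string) bool {
	ip := net.ParseIP(strings.TrimSpace(ipStr))
	if ip == nil {
		return false
	}
	for _, cidr := range trustedProxies {
		if _, n, err := net.ParseCIDR(cidr); err == nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

// peerIP is the TCP peer address: the one value the client cannot forge.
func peerIP(r *http.Request) string {
	if host, _, err := net.SplitHostPort(r.RemoteAddr); err == nil {
		return host
	}
	return r.RemoteAddr
}

// naiveClientIP is the vulnerable pattern: the leftmost X-Forwarded-For entry
// is whatever the client typed, so anyone can pick the identity recorded for them.
func naiveClientIP(r *http.Request) string {
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		return strings.TrimSpace(strings.Split(xff, ",")[0])
	}
	return peerIP(r)
}

// clientIP ignores X-Forwarded-For unless the connection came through one of
// our proxies, then walks the chain from the right and stops at the first hop
// that is not ours: everything to the left of it was appended by strangers.
func clientIP(r *http.Request) string {
	peer := peerIP(r)
	if !isTrustedProxy(peer) {
		return peer
	}
	var hops []string
	for _, v := range r.Header.Values("X-Forwarded-For") {
		for _, h := range strings.Split(v, ",") {
			if h = strings.TrimSpace(h); h != "" {
				hops = append(hops, h)
			}
		}
	}
	for i := len(hops) - 1; i >= 0; i-- {
		if !isTrustedProxy(hops[i]) {
			return hops[i]
		}
	}
	return peer
}

// requestScheme honours X-Forwarded-Proto only from a trusted proxy, and only
// for the two values that can legitimately appear there.
func requestScheme(r *http.Request) string {
	if isTrustedProxy(peerIP(r)) {
		switch p := strings.ToLower(strings.TrimSpace(r.Header.Get("X-Forwarded-Proto"))); p {
		case "http", "https":
			return p
		}
	}
	if r.TLS != nil {
		return "https"
	}
	return "http"
}

// requestHost picks the host for absolute URLs (redirects, reset links, cache
// keys). Forwarded or not, it must be a name we actually serve.
func requestHost(r *http.Request) (string, bool) {
	if isTrustedProxy(peerIP(r)) {
		if fh := strings.ToLower(strings.TrimSpace(r.Header.Get("X-Forwarded-Host"))); publicHosts[fh] {
			return fh, true
		}
	}
	h := strings.ToLower(r.Host)
	return h, publicHosts[h]
}

func main() {
	r, _ := http.NewRequest(http.MethodGet, "http://auth.example.com/whoami", nil)
	r.RemoteAddr = "203.0.113.5:40000" // a direct client, not one of our proxies
	r.Header.Set("X-Forwarded-For", "10.0.0.1")
	fmt.Println("naive:", naiveClientIP(r), "safe:", clientIP(r))
}
```

Two caveats for real use: a hop that is not a bare IP (bracketed IPv6, or an address with a port) fails `net.ParseIP`, counts as untrusted and is returned verbatim, so validate the result before using it as an identity; and when the application sits behind several proxy layers every layer's address range must be in the trusted list, otherwise the walk stops one hop too early and reports the proxy itself.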
_Severity: Low_ The current implementation of the application’s two-factor authentication (2FA) lacks sufficient protection against brute-force attacks. Although the application blocks the user after several failed attempts to provide 2FA...
_Severity: Low_ The caddy-security plugin lacks proper user session invalidation upon clicking the “Sign Out” button; user sessions remain valid even after requests are sent to `/logout` and `/oauth2/google/logout`. Attackers...
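A logout that leaves the session usable is the natural outcome of a bearer token that is only checked for signature and expiry. As an added Go example (not caddy-security code), the sketch below keeps a server-side revocation list keyed by the token's identifier until the token would have expired anyway, consults it on every request, and has the logout handler both revoke the token and expire the cookie. The `session` struct, the cookie name `access_token` and the in-memory store are assumptions for the example; a multi-instance deployment would back the store with shared storage.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
	"time"
)

// session is what a verified bearer token carries in this example; a real
// deployment would fill it from validated JWT claims (jti, sub, exp).
type session struct {
	ID      string
	Subject string
	Expires time.Time
}

// revocationList remembers logged-out token IDs until the token would have
// expired anyway, so the set stays bounded without ever readmitting a token.
type revocationList struct {
	mu      sync.Mutex
	revoked map[string]time.Time
}

func newRevocationList() *revocationList {
	return &revocationList{revoked: make(map[string]time.Time)}
}

func (l *revocationList) Revoke(id string, exp time.Time) {
	l.mu.Lock()
	defer l.mu.Unlock()
	l.revoked[id] = exp
}

// IsRevoked reports whether id was logged out. It also prunes entries whose
// tokens have expired, because the expiry check alone now rejects those.
func (l *revocationList) IsRevoked(id string, now time.Time) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	for k, exp := range l.revoked {
		if !now.Before(exp) {
			delete(l.revoked, k)
		}
	}
	_, ok := l.revoked[id]
	return ok
}

var (
	errExpired = errors.New("session expired")
	errRevoked = errors.New("session revoked")
)

// authorize is the per-request check: expiry as before, plus the revocation
// lookup that makes "Sign Out" an actual invalidation rather than a cookie hint.
func authorize(l *revocationList, s session, now time.Time) error {
	if !now.Before(s.Expires) {
		return errExpired
	}
	if l.IsRevoked(s.ID, now) {
		return errRevoked
	}
	return nil
}

// logout revokes the presented token server-side and clears the cookie. Doing
// only the cookie half is the behaviour the finding describes: the token
// itself stays usable by anyone who holds a copy of it.
func logout(l *revocationList, s session, w http.ResponseWriter) {
	l.Revoke(s.ID, s.Expires)
	http.SetCookie(w, &http.Cookie{
		Name: "access_token", Value: "", Path: "/", MaxAge: -1,
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode,
	})
	w.WriteHeader(http.StatusNoContent)
}

func main() {
	l := newRevocationList()
	now := time.Now()
	s := session{ID: "tok-1", Subject: "alice", Expires: now.Add(time.Hour)}
	fmt.Println("before logout:", authorize(l, s, now))
	logout(l, s, httptest.NewRecorder())
	fmt.Println("after logout: ", authorize(l, s, now))
}
```

The revocation lookup costs one map access per request, which is the price of being able to end a session early; keeping token lifetimes short bounds both the list size and the window in which a stolen token that was never logged out stays usable.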
_Severity: High_ The admin panel of the application is vulnerable to a stored Cross-Site Scripting (XSS) attack, which can be triggered using Cross-Site Request Forgery (CSRF). This vulnerability allows an...