Dark C0d3rs

Full Version: HackerOne Disclosed Reports - 2025-07-21
High
resolved

XSS on Amazon Acquisition: elemental


Bug reported by Muhammad Qasim was disclosed on July 22, 2025, at 12:48 am   |   Cross-site Scripting (XSS) - Reflected

An XSS vulnerability on Elemental, an Amazon acquisition, was identified and addressed. The summary provided a brief overview of the issue.


Critical
resolved

[CRITICAL] 0-Click Account Takeover via Password Reset [AUTH-3243] /orchestrator/v1/password_reset/start


Bug reported by osama mohamed was disclosed on July 21, 2025, at 10:23 pm   |   Improper Access Control - Generic

The vulnerability allowed an attacker to reset the password of a victim's account without any user interaction or special privileges. The attacker could intercept the password reset request, modify it with the victim's session data, and successfully take over the victim's account.