+- Dark C0d3rs (https://darkcoders.wiki)
+-- Forum: Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log)
+--- Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
+--- Thread: HackerOne Disclosed Reports - 2025-04-07 (/Thread-HackerOne-Disclosed-Reports-2025-04-07)
HackerOne disclosed reports - 2025-04-07 - hashXploiter - 04-08-2025
resolved
HTML Injection in Business Name Parameter in Payapps
Bug reported by Ahmed Esmail was disclosed at April 7, 2025, 9:37 pm | Code Injection
A HTML injection vulnerability was found in Autodesk Payapps, where arbitrary HTML content could have been injected in emails sent to users on signup. The vulnerability was reported by @0xsom3a and has been fixed by Autodesk.
resolved
Information disclouser from URL parameter "access" lead to Account Takeover
Bug reported by Jovan was disclosed at April 7, 2025, 10:32 am | Information Disclosure
The vulnerability allowed disclosure of sensitive information, such as JWT tokens, from URL parameters. These tokens could be used to gain unauthorized access to user accounts.
resolved
Disclosure of git metadata and springboot actuator information
Bug reported by Juan Felipe Osorio Z was disclosed at April 7, 2025, 8:38 am | Information Disclosure
The vulnerability involved the disclosure of git metadata and Springboot actuator information, which was responsibly disclosed and addressed through collaboration with the hacker.