HackerOne Disclosed Reports - 2025-09-23 - Printable Version
Dark C0d3rs (https://darkcoders.wiki) - Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
HackerOne disclosed reports - 2025-09-23 - hashXploiter - 09-24-2025
High - resolved
Arbitrary Read of Another User's private repository without Authorization
Bug reported by Dave was disclosed at September 23, 2025, 10:18 pm | Insecure Direct Object Reference (IDOR)
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by creating a diff between the repositories. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18, and was fixed in versions 3.14.17, 3.15.12, 3.16.8 and 3.17.5.
High - resolved
Stored XSS via LINK Name
Bug reported by was disclosed at September 23, 2025, 12:17 pm | Cross-site Scripting (XSS) - Stored
The LINK NAME was not properly escaped at the Templates page, leading to Stored XSS. The name was reflected in the <script> tag, and due to lack of sanitization, the user could break out of the tag and execute the XSS.