Dark C0d3rs
HackerOne Disclosed Reports - 2026-01-14 - Printable Version




HackerOne disclosed reports - 2026-01-14 - hashXploiter - 01-15-2026

Severity: Medium | Status: resolved

Roundcube Webmail Style Sanitizer can be bypassed using CSS Character Escapes

Bug reported by SomeRandomDeveloper, disclosed on January 14, 2026, 1:05 pm   |   Information Disclosure

A vulnerability was discovered in the style sanitizer of Roundcube Webmail that allowed bypassing the sanitizer using CSS character escapes. This enabled the use of arbitrary inline CSS, such as the `url()` function, which could be used to retrieve the IP address and user agent of the person reading the email.


Severity: Medium | Status: resolved

[revive-adserver] Reflected XSS in Banner Delivery Options via cap parameter

Bug reported by Patrick, disclosed on January 14, 2026, 10:51 am   |   Cross-site Scripting (XSS) - Reflected


Severity: Medium | Status: resolved

Reflected XSS in banner-acl.php and channel-acl.php via executionorder

Bug reported by Patrick, disclosed on January 14, 2026, 10:51 am   |   Cross-site Scripting (XSS) - Reflected


Severity: Medium | Status: resolved

Reflected XSS in afr.php

Bug reported by Huynh Pham Thanh Luc, disclosed on January 14, 2026, 10:50 am   |   Cross-site Scripting (XSS) - Reflected


Severity: High | Status: resolved

Broken Access Control allows advertiser accounts to delete trackers they do not own

Bug reported by Jad Ghamloush, disclosed on January 14, 2026, 10:49 am   |   Improper Access Control - Generic


Severity: Low | Status: resolved

INI Format string injection in Revive Adserver 6.0.4 settings

Bug reported by Faraz Ahmed, disclosed on January 14, 2026, 10:48 am   |   Use of Externally-Controlled Format String