High
resolved
XSS on Amazon Acquisition: elemental
Bug reported by Muhammad Qasim, disclosed on July 22, 2025, at 12:48 am | Cross-site Scripting (XSS) - Reflected
A reflected XSS vulnerability affecting Elemental, an Amazon acquisition, was identified and addressed. The disclosed summary gives only a brief overview of the issue.
Critical
resolved
[CRITICAL] 0-Click Account Takeover via Password Reset [AUTH-3243] /orchestrator/v1/password_reset/start
Bug reported by osama mohamed, disclosed on July 21, 2025, at 10:23 pm | Improper Access Control - Generic
The vulnerability allowed an attacker to reset the password of a victim's account without any user interaction or special privileges. The attacker could intercept the password reset request, modify it with the victim's session data, and take over the victim's account.

