I have found several vulnerabilities in open-source system LibreHealth EHR 2.0.0. More precisely 1 SQL-injection (CVE-2022-29938) and 2 Cross-site scripting (XSS) (CVE-2022-29939, CVE-2022-29940) vulnerabilities.
Tag: xss
My speech at Kolesa Conf’21
I spoke at conference Kolesa Conf’21 several days ago with topic “Hacking up-to-date Wordpress”. Presentation shows that cross-site scripting (XSS) almost always will lead to client-side request forgery, and most times to remote code execution (RCE) even in the case with freshest Wordpress.