Security – MyAAC

Recent security vulnerabilities (XSS + Session fixation)

slawkens 27/11/202316/04/2024 1

Hello, It’s late, but I will try to describe security vulnerabilities I found recently: 1) XSS in BugTrackerYou visit bug tracker, hacker can login on your account. This works only if you – as admin – logs into bug tracker and there is malicious report/code from user. The fix is here: Fix XSS in bugtracker.php …

Important: Vulnerability found in opentibiabr version

slawkens 25/05/202325/05/2023 0

There has been found recently vulnerability in the opentibiabr version of the MyAAC. If you use this version, you should either remove completely all bazaar pages, or patch this fix: https://github.com/opentibiabr/myaac/commit/bbcb83896e9fed3788db1ce07897fc3274d3430a