SEC Consult SA-20240522-0 :: Broken access control & API Information Exposure in 4BRO App

Read Time:17 Second

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 23

SEC Consult Vulnerability Lab Security Advisory < 20240522-0 >
=======================================================================
title: Broken access control & API Information Exposure
product: 4BRO App
vulnerable version: before 2024-04-17
fixed version: 2024-04-17
CVE number: –
impact: Critical
homepage: https://www.4bro.de
found: 2023-05-07…

Business Logic Flaw: Price Manipulation – AlegroCartv1.2.9

Posted by Andrey Stoykov on Apr 23 # Exploit Title: Business Logic Flaw: Price Manipulation - alegrocartv1.2.9 # Date: 04/2025...

April 24, 2025

Stored XSS in “Message” Functionality – AlegroCartv1.2.9

Posted by Andrey Stoykov on Apr 23 # Exploit Title: Stored XSS in "Message" Functionality - alegrocartv1.2.9 # Date: 04/2025...

April 24, 2025

XSS via SVG Image Upload – AlegroCartv1.2.9

Posted by Andrey Stoykov on Apr 23 # Exploit Title: XSS via SVG Image Upload - alegrocartv1.2.9 # Date: 04/2025...

April 24, 2025

BBOT 2.1.0 – Local Privilege Escalation via Malicious Module Execution

Posted by Housma mardini on Apr 23 Hi Full Disclosure, I'd like to share a local privilege escalation technique involving...

April 24, 2025

USN-7454-1: libarchive vulnerabilities

It was discovered that the libarchive bsdunzip utility incorrectly handled certain ZIP archive files. If a user or automated system...

April 23, 2025

USN-7453-1: Linux kernel (Real-time) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

April 23, 2025

Smashing Security podcast #414: Zoom.. just one click and your data goes boom!

DOGE Worker’s Code Supports NLRB Whistleblower

Regulating AI Behavior with a Hypervisor

Verizon’s DBIR Reveals 34% Jump in Vulnerability Exploitation

FBI Reveals “Staggering” $16.6bn Lost to Cybercrime in 2024

Vulnerability Exploitation and Credential Theft Now Top Initial Access Vectors

US Data Breach Victim Count Surges 26% Annually

M&S Grapples with Cyber Incident Affecting In-Store Services

Dutch Warn of “Whole of Society” Russian Cyber-Threat

SEC Consult SA-20240522-0 :: Broken access control & API Information Exposure in 4BRO App

Business Logic Flaw: Price Manipulation – AlegroCartv1.2.9

Stored XSS in “Message” Functionality – AlegroCartv1.2.9

XSS via SVG Image Upload – AlegroCartv1.2.9

BBOT 2.1.0 – Local Privilege Escalation via Malicious Module Execution

USN-7454-1: libarchive vulnerabilities

USN-7453-1: Linux kernel (Real-time) vulnerabilities