Telekom Magenta Musik 360 - Multiple Cross Site Scripting Vulnerabilities

Telekom Magenta Musik 360 - CERT Coordinates

The video shows how to reproduce vulnerabilities in a new service that the German Telekom published in Q1 2019. The vulnerabilities are persistent and non-persistent cross-site scripting issues in the frontend and backend of the online service. Remote attackers are able to inject their own malicious script code into the exception handling of the registration process. After injection, the malformed code is also executable in the backend against managers or administrators of the CMS.

The security issues were reported to the Telekom CZ bug bounty and CERT team. The issues were resolved within 2 weeks after the security contact was notified. Feel free to preview the video of the identification process and reproduction.


PayPal Inc patched medium severity Cross Site Request Forgery Issue

The independent Vulnerability Laboratory researcher Paresh Parmar discovered a new client-side CSRF vulnerability while participating in the official PayPal bug bounty program. The security issue was located in the official PayPal Inc notify online service web application. The researcher recorded a video to demonstrate the full impact on the PayPal notify service.


Researcher Profile:

