Yaniv Nizry (@YNizry) | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities	Reflected XSS CSRF Security Code Review	Pyspider	Yaniv Nizry (@YNizry)
mXSS: The Vulnerability Hiding in Your Code	Mutation XSS	Undisclosed	Yaniv Nizry (@YNizry)
Apache Dubbo Consumer Risks: The Road Not Taken	Insecure Deserialization Security Code Review	Apache Dubbo	Yaniv Nizry (@YNizry)
Reply to calc: The Attack Chain to Compromise Mailspring	Mutation XSS RCE Electron CSS Exfiltration	Mailspring	Yaniv Nizry (@YNizry)
Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins (CVE-2024-23897 & CVE-2024-23898)	Cross-Site WebSocket Hijacking (CSWH) Data Leak Arbitrary File Read Security Code Review	Jenkins	Yaniv Nizry (@YNizry)
Playing Dominos with Moodle's Security (2/2)	Self-XSS Account Takeover OAuth Security Code Review	Moodle	Yaniv Nizry (@YNizry)
Playing Dominos with Moodle's Security (1/2)	Stored XSS Arbitrary Folder Creation RCE Security Code Review	Moodle	Yaniv Nizry (@YNizry)
Pimcore: One click, two security vulnerabilities	Path Traversal SQL Injection Arbitrary File Write RCE Security Code Review	Pimcore	Yaniv Nizry (@YNizry)

Page 1 of 1