Skip to content
View cassis-sec's full-sized avatar
💜
Make SSRF Great Again
💜
Make SSRF Great Again

Block or report cassis-sec

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
cassis-sec/README.md

cassis@pwnbox:~$ whoami

  • I am 23 years old and live in Rome
  • Cyber Security Analyst & Security Researcher

Full Metal Alchemist

⚡Technologies

Parrot Splunk Cynet Redmine DarkTrace

📰 Public CVE

Date CVE ID Description
01/30/2024 CVE-2024-22648 A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment.
01/30/2024 CVE-2024-22647 An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames.
01/30/2024 CVE-2024-22646 An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system.
01/30/2024 CVE-2024-22643 A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets.
11/04/2023 CVE-2023-26847 A stored Cross-Site Scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates.
11/04/2023 CVE-2023-26846 A stored Cross-Site Scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates.
11/04/2023 CVE-2023-26845 A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors.

🌐 Social

LinkedIn Twitter GitHub TryHackMe HackTheBox

🥅 GitHub Goals

Quickdraw

Stats

📫 Contacts

ProtonMail OpenPGP

Pinned Loading

  1. CVE CVE Public

    List of vulnerabilities that I discovered.

    1