Hi seclists! I wanted to try posting some of my research here, and I think
this is the right list.
I recently published some research into Apple ID security that culminated
in an XSS on the Apple ID server -- that is, an attacker can pop out an
Apple login page that autofills your credentials and

SEC Consult Vulnerability Lab Security Advisory < 20210827-0 >
===
title: Authenticated RCE
product: BSCW Server
vulnerable version: BSCW Server <=5.0.11, <=5.1.9, <=5.2.3, <=7.3.2, &

SEC Consult Vulnerability Lab Security Advisory < 20210827-1 >
===
title: XML Tag injection
product: BSCW Server
vulnerable version: BSCW Server <=5.0.11, <=5.1.9, <=5.2.3, <=7.3.2, &