[FD] XSS in Apple ID Server idmsa.apple.com

2021-08-27 Thread Zemn mez
Hi seclists! I wanted to try posting some of my research here, and I think this is the right list. I recently published some research into Apple ID security that culminated in an XSS on the Apple ID server -- that is, an attacker can pop out an Apple login page that autofills your credentials and

[FD] SEC Consult SA-20210827-0 :: Authenticated RCE in BSCW Server

2021-08-27 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20210827-0 > === title: Authenticated RCE product: BSCW Server vulnerable version: BSCW Server <=5.0.11, <=5.1.9, <=5.2.3, <=7.3.2,

[FD] SEC Consult SA-20210827-1 :: XML Tag injection in BSCW Server

2021-08-27 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20210827-1 > === title: XML Tag injection product: BSCW Server vulnerable version: BSCW Server <=5.0.11, <=5.1.9, <=5.2.3, <=7.3.2,