
Responsible vulnerability disclosure acknowledgements

All vulnerabilities listed here have already been fixed.

philip.media would like to thank the following security researchers, who have reported vulnerabilities to us as part of a Responsible Disclosure Procedure:

2023

Researcher                 | Vulnerability                           | CVE / CWE       | Risk level
Automated via Snyk Code    | Path Traversal                          | CWE-23          | Low risk
Automated via Snyk Code    | Cross-site Scripting (XSS)              | CWE-79          | Medium risk
Jack Works via Dependabot  | Cross-realm object access in Webpack 5  | CVE-2023-28154  | Medium risk

2022

Researcher        | Vulnerability                                                                                          | CVE             | Risk level
Parshwa Bhavsar   | Unauthorized REST-API Access (WP)                                                                      | CVE-2017-5487   | Medium risk
Gaurang Maheta    | Deprecated SSH Protocol (False positive)                                                               | CVE-2001-1473   | Low risk
Dependabot        | Cross-domain cookie leakage in Guzzle (guzzlehttp/guzzle)                                              | CVE-2022-29248  | High risk
Dependabot        | Failure to strip Authorization header on HTTP downgrade in Guzzle (guzzlehttp/guzzle)                  | CVE-2022-31043  | Medium risk
Dependabot        | Failure to strip the Cookie header on change in host or HTTP downgrade in Guzzle (guzzlehttp/guzzle)   | CVE-2022-31042  | Medium risk
Dependabot        | Change in port should be considered a change in origin in Guzzle (guzzlehttp/guzzle)                   | CVE-2022-31091  | Low risk
Dependabot        | CURLOPT_HTTPAUTH option not cleared on change of origin in Guzzle (guzzlehttp/guzzle)                  | CVE-2022-31090  | Medium risk
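The five Guzzle entries above are one class of HTTP-client failure: credentials that were bound to one origin (request headers, a configured auth option, cookies accepted from a response) leaking to another origin, either through a redirect to a different host, port or scheme, or through a server setting cookies for a domain it does not own. The following is an added example written for this page, not Guzzle's own code, that implements the checks those fixes amount to in Python. The function names, the "auth" option standing in for CURLOPT_HTTPAUTH, and the URLs and header values are constructed for illustration.

```python
from urllib.parse import urlsplit

# Default ports per scheme, so "https://host" and "https://host:443" compare
# as the same origin while "https://host:8443" does not.
DEFAULT_PORTS = {"http": 80, "https": 443}

# Request headers that carry credentials and must not cross an origin boundary.
SENSITIVE_HEADERS = {"authorization", "cookie"}


def origin(url):
    """Return the (scheme, host, port) triple that identifies a URL's origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def is_cross_origin(from_url, to_url):
    """True when scheme, host or port differs between the two URLs.

    An https -> http downgrade is a scheme change and therefore cross-origin;
    a change of port alone is also cross-origin (the CVE-2022-31091 case).
    """
    return origin(from_url) != origin(to_url)


def sanitize_for_redirect(headers, options, from_url, to_url):
    """Decide what to forward when following a redirect from from_url to to_url.

    Same origin: forward everything unchanged.  Any change of origin: drop
    Authorization and Cookie from the request headers and clear the client's
    configured credential option ("auth" here is a stand-in for CURLOPT_HTTPAUTH,
    an assumption of this example).  Returns a (headers, options) pair of new
    dicts; the inputs are not mutated.
    """
    if not is_cross_origin(from_url, to_url):
        return dict(headers), dict(options)
    kept = {k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS}
    opts = {k: v for k, v in options.items() if k != "auth"}
    return kept, opts


def domain_matches(host, cookie_domain):
    """RFC 6265 domain-match: host equals cookie_domain or is a subdomain of it."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().strip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


def accept_set_cookie(responding_host, cookie_domain):
    """Whether a Set-Cookie from responding_host may set a cookie for cookie_domain.

    A cookie without a Domain attribute is host-only and always acceptable.
    A cookie with a Domain attribute is accepted only if the responding host
    domain-matches it, so a server cannot plant cookies for unrelated sites.
    (A production cookie jar would additionally reject public suffixes such as
    "co.uk"; that list is omitted here.)
    """
    if cookie_domain is None:
        return True
    return domain_matches(responding_host, cookie_domain)


if __name__ == "__main__":
    # Constructed sample: an authenticated https request redirected to plain
    # http on the same host, i.e. an HTTP downgrade.
    req_headers = {"Authorization": "Bearer t0ken", "Cookie": "session=abc", "Accept": "*/*"}
    req_options = {"auth": ("user", "pass"), "timeout": 5}
    kept, opts = sanitize_for_redirect(
        req_headers, req_options, "https://app.example.com/login", "http://app.example.com/home"
    )
    print("forwarded headers:", kept)   # Authorization and Cookie are gone
    print("forwarded options:", opts)   # auth is gone, timeout stays
    print("may evil.net set a cookie for example.com?",
          accept_set_cookie("evil.net", "example.com"))
```

The origin comparison deliberately normalises default ports, otherwise a redirect from https://host/ to https://host:443/ would strip credentials needlessly. The cookie check covers only the Domain attribute, which is the part the cross-domain leakage entry concerns; Path, Secure and expiry handling are left out.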

2021

Researcher       | Vulnerability                 | CVE             | Risk level
Intern (pb)      | Log4Shell                     | CVE-2021-45105  | High risk
Gaurang Maheta   | OpenSSH Username Enumeration  | -               | Medium risk
Sivan Mujtaba    | XSS Vulnerability             | -               | Low risk
ykl              | XSS Vulnerability             | -               | Low risk
SECFAULT         | iFrame injection              | -               | Medium risk

2020

Researcher       | Vulnerability     | CVE  | Risk level
No name given    | Database leakage  | -    | High risk