Timmy

Results 28 comments of Timmy

Hi Guys, Based on the VRT this is considered P2: ![Screenshot 2023-04-20 at 2 20 36 PM](https://user-images.githubusercontent.com/106584457/233364096-b61d2cb5-81a3-4670-9203-530ab25967d3.png) Since you both agree with it being P2, I'm going to close this...

@mbiesiad is right, that is the actual VRT entry for that. We've also discussed it with the team and decided to keep that. I'm going to close this issue. If...

I agree with @BountyOverflow. The security impact is very low since it requires having physical access to the victim's device or the secret should be exposed in an HTTP endpoint....

I've looked into this deeply and also taken into consideration what has changed from the day this issue was created until today. That CSRF entry is no longer the case,...

I agree with plr0man's comment here. The categorization is based on who does the injection. An XSS from a non-privileged user affecting everyone is P2. The other way around is...

Hey @tess-ss Could you draft a template as suggested? Can you also explain in more detail why you believe there should be a specific VRT entry for it?

Yes, I thought about that as well, therefore asked @tess-ss to share his thoughts. Based on that, I was thinking of a VRT entry with no priority (**Varies**) instead of...

Hey @tess-ss We've discussed this with @p3t3rr4bb1t, I'm thinking of not making any changes since the impact is not always P1. The researchers still have the SQL Injection entry to...

I didn't think of the Priority. I also think that adding LDAP Injection as Varies makes sense. I thought of adding it like this: >Varies | Server-Side Injection | LDAP...