Radu Stefanescu
An attacker or a malicious administrative user with access to the Git platform or the Git repository can obtain or create a public leak of a wide range of credentials...
Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an...
By using the https://prod-api.stamacasa.ro/api/profile/family/ IDOR, an attacker is able to stop all users from receiving daily emails, as they are only sent to users without the ParentId set. `backend/src/StamAcasa.Common/Notifications/AssessmentNotificationsDispatch.cs`
When the server relies on protection mechanisms placed on the client side, an attacker can modify the client-side behavior to bypass the protection mechanisms resulting in potentially unexpected interactions between...
When viewing the source page of https://prod.stamacasa.ro/env-config.js, a user is able to access the env-config.js of the application, which may expose sensitive information about the build environment.
https://www.figma.com/file/rdg8gZtSWNYaVtupMtdhST/CoVid---Stam-Acasa?node-id=144%3A2
https://www.figma.com/file/rdg8gZtSWNYaVtupMtdhST/CoVid---Stam-Acasa?node-id=144%3A535