Original Post: How I Discovered a CVE by Scanning Open Source Repositories | by Scott Lindh | May, 2024
The author shares their journey of discovering a Cross-Site Scripting vulnerability in the search functionality and course tags of the open-source CMS/LMS Frappe, earning a CVE (2023-5555) in the process. They used a SAST tool called SemGrep to identify and report the vulnerabilities, reaching out to the maintainers and ultimately getting the issue patched. The author commends Frappe LMS and Huntr for their quick response and transparency in handling the security issue. They encourage bug hunters to explore the capabilities of platforms like Huntr and emphasize the importance of staying informed and vigilant in cybersecurity.
Go here to read the Original Post