Skip to content

Uncovering Vulnerabilities: My Journey of Discovering a CVE Through Open Source Repository Scans

Original Post: How I Discovered a CVE by Scanning Open Source Repositories | by Scott Lindh | May, 2024

The author shares their journey of discovering a Cross-Site Scripting vulnerability in the search functionality and course tags of the open-source CMS/LMS Frappe, earning a CVE (2023-5555) in the process. They used a SAST tool called SemGrep to identify and report the vulnerabilities, reaching out to the maintainers and ultimately getting the issue patched. The author commends Frappe LMS and Huntr for their quick response and transparency in handling the security issue. They encourage bug hunters to explore the capabilities of platforms like Huntr and emphasize the importance of staying informed and vigilant in cybersecurity.

Go here to read the Original Post

Leave a Reply

Your email address will not be published. Required fields are marked *

Exit mobile version