[GSD-2023-1001657] GSD Request #2447

GSD-automation · 2023-01-19T17:16:53Z

--- GSD JSON ---
{
  "vendor_name": "ZeroSSL",
  "product_name": "website",
  "product_version": "all current versions",
  "vulnerability_type": "XSS",
  "affected_component": "https://app.zerossl.com",
  "attack_vector": "phishing",
  "impact": "Theft of private certificate keys, hashed password and/or session hijacking",
  "credit": "mail@michalspacek.cz",
  "references": [
    "https://groups.google.com/a/ccadb.org/g/public/c/kqtoGeEv5Fc"
  ],
  "reporter": "kurtseifried",
  "reporter_id": 582211,
  "notes": "",
  "description": "In the ZeroSSL website https://app.zerossl.com an XSS exists in it that can be attacked via phishing resulting in theft of private certificate keys, hashed password and/or session hijacking. It is not clear if the vendor has fixed this issue or not at this time."
}
--- GSD JSON ---

/cc @kurtseifried

The text was updated successfully, but these errors were encountered:

GSD-automation · 2023-01-19T17:20:16Z

This issue has been assigned GSD-2023-1001657

GSD-automation added check new labels Jan 19, 2023

GSD-automation changed the title ~~GSD Request~~ [GSD-2023-1001657] GSD Request Jan 19, 2023

GSD-automation pushed a commit that referenced this issue Jan 19, 2023

Add GSD-2023-1001657 for #2447

efe737b

GSD-automation closed this as completed Jan 19, 2023

GSD-automation added assigned and removed new check labels Jan 19, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[GSD-2023-1001657] GSD Request #2447

[GSD-2023-1001657] GSD Request #2447

GSD-automation commented Jan 19, 2023

GSD-automation commented Jan 19, 2023

[GSD-2023-1001657] GSD Request #2447

[GSD-2023-1001657] GSD Request #2447

Comments

GSD-automation commented Jan 19, 2023

GSD-automation commented Jan 19, 2023