Change the scope a little, and you might miss the attack that matters most! Just five minutes of screen sharing were enough for me to find an unauthenticated XSS in #Weblication's admin panel.

Many pentesters would have missed this vulnerability. And it's not for lack of skill, but because of how projects are scoped. 🧡

#Hacking #BugBounty #Scoping #InfoSec #CyberSecurity #Pentesting #AppSec #CVE_2025_52161

#Hacking Against Mass Surveillance: #BugBounty Donated to Challenge #Palantir 🧡

During a recent pentest, I found CVE-2025-52161 in the CMS #Weblication. It allowed an unauthenticated attacker to persistently embed JavaScript into the admin panel. This is particularly severe because the panel can be used to execute commands on the underlying system, leading to a full system compromise.

#InfoSec #CyberSecurity #Pentesting #AppSec #CVE_2025_52161