Change the scope a little, and you might miss the attack that matters most! Just five minutes of screen sharing made me find an unauthenticated XSS in #Weblication's admin panel.
Many pentesters would have missed this vulnerability. And it's not for lack of skill, but because of how projects are scoped. 🧵
#Hacking #BugBounty #Scoping #InfoSec #CyberSecurity #Pentesting #AppSec #CVE_2025_52161
📌 Hab ein kleines neues Weblic für Weblication® CMS gebaut: ein Bookmark-Tool.
Damit lassen sich Links speichern, mit Schlagworten versehen und im Team oder im Intranet teilen. Super praktisch fürs Wissensmanagement.
👉 Mehr Infos hier: https://www.bernardteske.de/bernardteske/weblication_cms/eigene-weblics/bookmarks.php
#Hacking Against Mass Surveillance: #BugBounty Donated to Challenge #Palantir 🧵
During a recent pentest, I found CVE-2025-52161 in the CMS #Weblication. It allowed an unauthenticated attacker to persistently embed JavaScript into the admin panel. This is particularly severe, because the panel can be used to execute commands on the underlying system, leading to a full system compromise.
Konstantin 
bernardteske