U.S. General Services Administration

8 total issues disclosed

$0 total paid publicly

Most disclosed (1 disclosure; each of the eight vulnerability types below appears once) — Cross-Site Request Forgery (CSRF)


Disclosed Reports

Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on
[Transportation Management Services Solution 2.0] Improper authorization at tmss.gsa.gov leads to data exposure of all registered users | Improper Authorization | alexandrio | Critical | 2021-12-08
Unauthorized access to employee panel with default credentials | Authentication Bypass Using an Alternate Path or Channel | 7azimo | High | 2021-11-13
Web Cache Poisoning leading to DoS | Denial of Service | letm3through | Medium | 2021-11-08
Path Traversal on meetcqpub1.gsa.gov allows attackers to see arbitrary file listings | Path Traversal | 0x0luke | Low | 2021-10-02
E-mail verification bypass through interception and modification of response status | Violation of Secure Design Principles | rajeshpatil | No rating | 2021-09-02
Account takeover through multistage CSRF at https://autochoice.fas.gsa.gov/AutoChoice/changeQAOktaAnswer and ../AutoChoice/changePwOktaAnswer | Cross-Site Request Forgery (CSRF) | rajeshpatil | Medium | 2021-07-23
Weak password policy leading to exposure of administrator account access | Misconfiguration | rajeshpatil | Critical | 2021-05-20
TAMS registration details API for admins open at https://tamsapi.gsa.gov/user/tams/api/usermgmnt/pendingUserDetails/ | Insecure Direct Object Reference (IDOR) | skarsom | High | 2021-05-07