Coret Genealogie attaches great importance to the security of its systems. Despite the care taken over security, a weak spot may still exist. If you have found a weak spot in one of our systems, Coret Genealogie would like to hear about it, so that we can take measures as quickly as possible. Coret Genealogie is glad to work with you to better protect our systems.

| Date | Name | Vulnerability type | Affected part |
|---|---|---|---|
| 2017-03-01 | Kenny Hietbrink | Cross-site scripting (XSS) | Open Archives searchresultspage |
| 2017-03-02 | Kenny Hietbrink | Cross-site scripting (XSS) | Cross-search API of Coret Genealogy |
| 2017-03-02 | Elyesa in der Maur | Cross-site scripting (XSS) | Genealogie Online helppages |
| 2017-04-03 | @secuninja | Cross-site scripting (XSS) | Open Archives homepage |
| 2017-04-24 | Huy Kha @HuyKha_10 | Cross-site scripting (XSS) | Stamboom Gids searchresultpage |
| 2017-04-25 | Robert Wiggins | Cross-site scripting (XSS) | Stamboom Gids searchresultpage |
| 2017-04-28 | Damian Ebelties | Cross-site scripting (XSS) | Genealogie Online familynamespage |
| 2017-04-28 | Damian Ebelties | Cross-site scripting (XSS) | OAI tool |
| 2017-04-28 | Pethuraj | Cross-site scripting (XSS) | Stamboom Forum profilepage, searchpictures and familynamespage |
| 2017-04-28 | Pethuraj | Cross-site scripting (XSS) | Genealogy Online new publicationspage |
| 2017-04-29 | Raju Patil | Cross Site Request Forgery (CSRF) | Open Archive password change page |
| 2017-04-29 | Raju Patil | Cross-site scripting (XSS) | Open Archives searchresultspage |
| 2017-04-29 | Raju Patil | SQL Injection | Cross-search API |
| 2017-05-05 | Sajibe Kanti | Content Spoofing | Coret Genealogy 404-page |
| 2017-06-30 | Damian Ebelties | Cross-site scripting (XSS) | OAI tool |
| 2017-08-27 | Raju Patil | Cross Site Scripting (XSS) | A2A validation service |
| 2018-02-01 | Ali Hassan Ghori | Cross-site scripting (XSS) | Coret Genealogy |
| 2018-07-13 | lacroute serge | Reflected XSS | Open Archives viewer |
| 2018-11-03 | Chirag Gupta | Readable REST API | WordPress blog |
| 2018-11-09 | lacroute serge | Cross-site scripting (XSS) | Stamboom Forum recent subjects page |
| 2019-05-06 | Saima Usman | Cross-site scripting (XSS) | Open Archives search (placename) |
| 2019-05-10 | Kerem Tamcı | Cross-site scripting (XSS) | Open Archives overview2 page |
| 2020-01-18 | Yogeshwaran Chandrasekaran | Improper Data Validation & Broken Authentication | Genealogy Online password reset |
| 2020-01-27 | 4N_CURZE | Cross-site scripting (XSS) | Genealogy Online language selector |
| 2020-03-31 | 4N_CURZE | Cross-site scripting (XSS) | Genealogy Online unescaped url parameter |
| 2020-06-01 | Script_Kiddie | Cross-site scripting (XSS) | Open Archives language setting page |
| 2021-06-26 | gaurang maheta | Security Misconfiguration | Genealogie Online showing composer.json/lock |
| 2022-11-01 | Kasper Karlsson of omegapoint.se | Cross-site scripting (XSS) | Genealogie Online search |
| 2024-10-05 | Cheripally Sathwik | Reflected Cross Site Scripting (RXSS) | Genealogie Online publication search |
| 2024-11-14 | Aluri Hruthik | Cross-site scripting (XSS) | Genealogy Online pedigree page |
| 2025-02-18 | Abhirup Konwar | Open Redirect | Genealogy Online |
| 2025-02-18 | Abhinab Bala | Open Redirect | Genealogie Werkbalk |
| 2025-02-19 | BHAVAN RBN | HTML Injection Leading to Open Redirect | Stamboom Gids / Genealogy Online registration |

Many thanks to the security experts named above for their reports!

If you have any further questions about how Coret Genealogie handles responsible disclosure, feel free to get in touch via responsibledisclosure@coret.org. We are happy to help.