coretgenealogy

Responsible disclosure

Coret Genealogy attaches great importance to the safety of its systems. Despite the concern for security, it can happen that there is a weak spot. If you have found a weak spot in one of our systems, Coret Genealogy would like to hear it, so that we can take measures as quickly as possible. Coret Genealogy likes to work with you to better protect our systems.


Index



What does Coret Genealogy require from you?


Which actions must be avoided?


What can you expect from Coret Genealogy?


What vulnerabilities have been reported? - Hall of fame

DateNameVulnerability typeEffected part
2017-03-01Kenny HietbrinkCross-site scripting (XSS)Open Archives searchresultspage
2017-03-02Kenny HietbrinkCross-site scripting (XSS)Cross-search API van Coret Genealogy
2017-03-02Elyesa in der MaurCross-site scripting (XSS)Genealogie Online helppages
2017-04-03@secuninjaCross-site scripting (XSS)Open Archives homepage
2017-04-24Huy Kha @HuyKha_10Cross-site scripting (XSS)Stamboom Gids searchresultpage
2017-04-25Robert WigginsCross-site scripting (XSS)Stamboom Gids searchresultpage
2017-04-28Damian EbeltiesCross-site scripting (XSS)Genealogie Online familynamespage
2017-04-28Damian EbeltiesCross-site scripting (XSS)OAI tool
2017-04-28PethurajCross-site scripting (XSS)Stamboom Forum profilepage, searchpictures and familynamespage
2017-04-28PethurajCross-site scripting (XSS)Genealogie Online new publicationspage
2017-04-29Raju PatilCross Site Request Forgery (CRSF)Open Archive password change page
2017-04-29Raju PatilCross-site scripting (XSS)Open Archives searchresultspage
2017-04-29Raju Patil SQL InjectieCross-search API
2017-05-05Sajibe KantiContent SpoofingCoret Genealogy 404-page
2017-06-30Damian EbeltiesCross-site scripting (XSS)OAI tool
2017-08-27Raju PatilCross Site Scripting (XSS)A2A validation service
2018-02-01Ali Hassan GhoriCross-site scripting (XSS)Coret Genealogy
2018-07-13lacroute sergeReflected XSSOpen Archives viewer
2018-11-03Chirag GuptaReadable REST APIWordpress blog
2018-11-09lacroute sergeCross-site scripting (XSS)Stamboom Forum recent subjects page
2019-05-06Saima UsmanCross-site scripting (XSS)Open Archives search (placename)
2019-05-10Kerem TamcıCross-site scripting (XSS)Open Archives overview2 page

Big thanks to the above mentioned security experts for their reports!


Questions about responsible disclosure?

If you have any questions about the way Coret Genealogy handles responsible disclosure, please contact us at responsibledisclosure@coret.org. We are happy to help you.