Coret Généalogie attaches great importance to the security of its systems. Despite this care for security, a weak spot may still exist. If you have found a weak spot in one of our systems, Coret Généalogie would like to hear about it, so that we can take measures as quickly as possible. Coret Généalogie would like to work with you to better protect our systems.
Date | Name | Vulnerability type | Affected part |
---|---|---|---|
2017-03-01 | Kenny Hietbrink | Cross-site scripting (XSS) | Open Archives search results page |
2017-03-02 | Kenny Hietbrink | Cross-site scripting (XSS) | Cross-search API of Coret Genealogy |
2017-03-02 | Elyesa in der Maur | Cross-site scripting (XSS) | Genealogie Online help pages |
2017-04-03 | @secuninja | Cross-site scripting (XSS) | Open Archives homepage |
2017-04-24 | Huy Kha @HuyKha_10 | Cross-site scripting (XSS) | Stamboom Gids search results page |
2017-04-25 | Robert Wiggins | Cross-site scripting (XSS) | Stamboom Gids search results page |
2017-04-28 | Damian Ebelties | Cross-site scripting (XSS) | Genealogie Online family names page |
2017-04-28 | Damian Ebelties | Cross-site scripting (XSS) | OAI tool |
2017-04-28 | Pethuraj | Cross-site scripting (XSS) | Stamboom Forum profile page, search pictures and family names page |
2017-04-28 | Pethuraj | Cross-site scripting (XSS) | Genealogy Online new publications page |
2017-04-29 | Raju Patil | Cross-Site Request Forgery (CSRF) | Open Archives password change page |
2017-04-29 | Raju Patil | Cross-site scripting (XSS) | Open Archives search results page |
2017-04-29 | Raju Patil | SQL Injection | Cross-search API |
2017-05-05 | Sajibe Kanti | Content Spoofing | Coret Genealogy 404-page |
2017-06-30 | Damian Ebelties | Cross-site scripting (XSS) | OAI tool |
2017-08-27 | Raju Patil | Cross Site Scripting (XSS) | A2A validation service |
2018-02-01 | Ali Hassan Ghori | Cross-site scripting (XSS) | Coret Genealogy |
2018-07-13 | lacroute serge | Reflected XSS | Open Archives viewer |
2018-11-03 | Chirag Gupta | Readable REST API | WordPress blog |
2018-11-09 | lacroute serge | Cross-site scripting (XSS) | Stamboom Forum recent subjects page |
2019-05-06 | Saima Usman | Cross-site scripting (XSS) | Open Archives search (placename) |
2019-05-10 | Kerem Tamcı | Cross-site scripting (XSS) | Open Archives overview2 page |
2020-01-18 | Yogeshwaran Chandrasekaran | Improper Data Validation & Broken Authentication | Genealogy Online password reset |
2020-01-27 | 4N_CURZE | Cross-site scripting (XSS) | Genealogy Online language selector |
2020-03-31 | 4N_CURZE | Cross-site scripting (XSS) | Genealogy Online unescaped URL parameter |
2020-06-01 | Script_Kiddie | Cross-site scripting (XSS) | Open Archives language setting page |
2021-06-26 | gaurang maheta | Security Misconfiguration | Genealogie Online showing composer.json/lock |
2022-11-01 | Kasper Karlsson of omegapoint.se | Cross-site scripting (XSS) | Genealogie Online search |
2024-10-05 | Cheripally Sathwik | Reflected Cross Site Scripting (RXSS) | Genealogie Online publication search |
2024-11-14 | Aluri Hruthik | Cross-site scripting (XSS) | Genealogy Online pedigree page |
Many thanks to the security experts mentioned above for their reports!
If you have questions about how Coret Généalogie handles responsible disclosure, please contact responsable-disclosure@coret.org. We are happy to help.