High-impact vulnerability on one of your subdomains

r3verii r3verii r3verii2 at gmail.com
Mon Jul 28 22:13:25 BST 2025


Hello, my name is Martino Spagnuolo, and I am a cybersecurity researcher.
I am contacting you because I have found a fairly serious vulnerability in
an open source web app. I already contacted the vendor five days ago and
searched the web to extract all instances of this software. One of your
subdomains is included in the extracted list.

Do you have a bug bounty program? If so, I can provide you with all the
details to replicate and test the vulnerability and how to fix it.

At the time of writing this email, the software vendor has not yet
responded, making it a “0day” vulnerability.

Technical details:

Vulnerability score: High
Vulnerability category: XSS / CSRF
Impact: Admin account takeover