Florian Nivette


Florian Nivette (CEH, CHFI, CEI, GSNA) is a Managing Security Associate at Bishop Fox, where he focuses on application and network penetration testing and in-depth OS-level security. Florian is an active security researcher focusing on web applications, with a number of published CVEs (CVE-2018-11349, CVE-2018-11350, CVE-2018-11351, CVE-2018-13407, CVE-2018-11408, CVE-2018-13409, CVE-2017-77737, CVE-2017-5870, and CVE-2017-6086). He is one of the chief organizers of Nuit du Hack CTF, the largest and most well-known capture-the-flag competition in France, which draws thousands of security researchers annually.

Recent Posts by Florian Nivette:

by Florian Nivette, on Dec 30, 2019 10:25:01 AM

Advisory Summary: This advisory describes an identified vulnerability in the Dradis Pro application Version 3.4.1. One medium-risk vulnerability was identified within the application. Impact: The API of Dradis Pro does …


by Florian Nivette, on Oct 30, 2018 12:05:36 PM

Product Description: YunoHost is an application that is used to manage applications hosted on a Linux server. Additionally, it allows the user to manage the entire Linux system, including installed …

Vulnerabilities: Stored Cross-site Scripting, HTTP Header Injection

by Florian Nivette, on Sep 17, 2018 1:28:01 PM

The Wallabag application is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an …

Vulnerabilities: Stored Cross-site Scripting

by Florian Nivette, on Sep 17, 2018 1:25:59 PM

Product Description: Subsonic is an open source web media server that enables the management of media resources such as music or videos. Its official website is www.subsonic.org. The version affected …

Vulnerabilities: Stored Cross-site Scripting, Reflected Cross-site Scripting

by Florian Nivette, on Aug 30, 2018 12:12:22 PM

Product Description: CremeCRM is an open source CRM. It allows organizations to manage business data concerning customers, invoices, orders, and products. Its official website is www.cremecrm.com, and source code can …

Vulnerabilities: Stored Cross-site Scripting, Reflected Link Manipulation

by Florian Nivette, on Jun 6, 2018 10:45:00 AM

Release Date (Vendor Patch): May 11, 2018. Reported Date: May 3, 2018. Vendor: Jirafeau. Version Affected: 3.3.0. Summary: Jirafeau is an open source file sharing web application, distributed under an …

Vulnerabilities: Stored Cross-site Scripting, Reflected Cross-site Scripting, Cross-site Request Forgery

Vulnerability Disclosure Policy

Bishop Fox takes security issues very seriously. We believe in coordinated disclosure, and we work closely with vendors and clients to patch vulnerabilities promptly.
