Meet the Author
Chris Davis Senior Security Consultant
Chris Davis is a Senior Security Consultant at Bishop Fox. His areas of expertise are application penetration testing (static and dynamic) and external network penetration testing.
Chris actively conducts independent security research and has been credited with the discovery of 40 CVEs (including CVE-2019-7551 and CVE-2018-17150) on enterprise-level, highly distributed software. The vulnerabilities he identified included remote code execution and cross-site scripting (XSS).
Chris completed the Cybersecurity Training Program at SecureSet Academy in addition to coursework at Metropolitan State University of Denver.
Security Research:
LEXSS: Bypassing Lexical Parsing Security Controls
CVEs Discovered:
- CVE-2018-17150
- CVE-2018-17151
- CVE-2018-17152
- CVE-2019-7551
- CVE-2019-8371
- CVE-2019-8368
- CVE-2019-15936
- CVE-2019-16246
- CVE-2019-15930
- CVE-2019-15931
- CVE-2019-15932
- CVE-2019-15933
- CVE-2019-15935
- CVE-2019-15934
- CVE-2020-11436
- CVE-2019-17428
- CVE-2019-19632
- CVE-2019-19631
- CVE-2020-9437
- CVE-2020-11438
- CVE-2020-11439
- CVE-2020-11437
- CVE-2020-12648
- CVE-2020-15950
- CVE-2020-15951
- CVE-2020-15952
- CVE-2020-16257
- CVE-2020-16256
- CVE-2020-16261
- CVE-2020-16262
- CVE-2020-16263
- CVE-2020-16260
- CVE-2020-16258
- CVE-2020-16259
- CVE-2020-15949
- CVE-2020-27637
- CVE-2021-26990
- CVE-2021-26991
- CVE-2021-26992
- CVE-2021-28114
Posts from Chris Davis
Jun 22, 2021
LEXSS: Bypassing Lexical Parsing Security Controls
Jun 02, 2021
Froala Editor, Version 3.2.6 Advisory
Jan 11, 2021
CRAN Version 4.0.2 Advisory
Nov 04, 2020
Security Advisory: Immuta Version 2.8.2
Oct 27, 2020
Winston Privacy Version 1.5.4
Aug 12, 2020
TinyMCE, Version 5.2.1 Advisory
Jul 14, 2020
LibreHealth Version 2.0.0
Jun 19, 2020
SecureAuth Version 9.3
Dec 30, 2019
Big Monitoring Fabric Application
Dec 09, 2019
Solismed Version 3.3SP1
Sep 11, 2019
OpenEMR 5.0.1(6) - Technical Advisory Release
Sep 10, 2019
OpenEMR 5.0.1(6) - RCE and XSS
Jul 24, 2019
InterSystems Cache 2017.2.2.865.0 and 2018.1.2 Multiple Vulnerabilities
Mar 08, 2019
Cantemo Portal Version 3.8.4 - Cross-Site Scripting