Marcel Hellkamp

5 exploits Active since Dec 2016
CVE-2026-27737 WRITEUP MEDIUM WRITEUP
BigBlueButton has Stored XSS in bbb-playback replay
BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback (presentation format) was not sanitizing user's input in public chat. This allowed for a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording. This issue has been fixed 3.0.19.
CVSS 6.5
CVE-2022-31799 WRITEUP CRITICAL WRITEUP
Bottle < 0.12.20 - Denial of Service via Early Request Binding Error Handling
Bottle before 0.12.20 mishandles errors during early request binding.
CVSS 9.8
CVE-2016-9964 WRITEUP MEDIUM WRITEUP
bottle 0.12.10 - CRLF Injection via redirect() Function
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.
CVSS 6.5
CVE-2020-28473 WRITEUP MEDIUM STUB
bottle < 0.12.19 - Web Cache Poisoning via Parameter Cloaking
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.
CVSS 6.8
CVE-2022-31799 WRITEUP CRITICAL WRITEUP
Bottle < 0.12.20 - Denial of Service via Early Request Binding Error Handling
Bottle before 0.12.20 mishandles errors during early request binding.
CVSS 9.8