-
# Summary
The ThinkSAAS 3.7.0 application contains a storage XSS vulnerability caused by insufficient sanitization of user input. Specifically, the parameters `site_title`, `site_subtitle`, `site_key…
-
### Community Note
* Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the commu…
-
### Is your feature request related to a problem? Please describe.
## Problem Statement:
### Rate Limiting
Without rate limiting, the server is vulnerable to abuse, such as brute-force attacks, b…
-
The pros of using a cookie would be:
- Being able to render authenticated pages with SSR
- Protecting ourselves against XSS attacks trying to steal the token. Any script that runs on the page can ac…
-
Lack of proper validation for uploaded image files in the backend.
While there is validation in the frontend component "img-box.vue," it is crucial to perform server-side validation as well. This vuln…
-
**🧐 Motivation**
Onchain generation of NFT SVGs is on the rise. Many SVGs rely on third-party string data, e.g. ERC-20 symbols.
To sanitize strings and prevent XSS attacks, developers should onl…
-
Hi all,
I would really appreciate some help/advice on an issue with sanitization. Although a number of old issues were helpful:
* https://github.com/a-h/templ/issues/422
#### Description
It …
-
```python
cc.execute(query % (sid_from, sid_to))
```
change to
```python
cc.execute(query, args)
```
-
### Is there an existing issue for this topic?
- [X] I have searched the existing issues
### Description
I'd love to see the [Content-Security-Policy-Header (CSP)](https://developer.mozilla.o…
-
Showdown has an XSS bug:
https://github.com/showdownjs/showdown/issues/57
Will including `angular-sanitize` as you have it in the README help prevent this?