-
```
using: http://shellinabox.googlecode.com/svn/trunk/demo/demo.html
but with linkifyURLs = 2 (instead of 1), print:
print "javascript:'@1.3.3.7/http://',alert(1);"
it will create a link that whe…
```
-
Impact version: 3.4.0 a
payload:
http://localhost/GetSimpleCMS/admin/health-check.php/%F6%3Cimg%20src=x%20onerror=alert(1)%20//%F6%3E
![0308](https://user-images.githubusercontent.com/48396622/54079…
-
Affected software: Pixelimity CMS
Type of vulnerability: XSS (Stored XSS)
Discovered by: BreachLock
Website: https://www.breachlock.com
Author: Subodh Kumar
Description: Pixelimity CMS …
-
### Community Note
* Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the…
-
This is a best practise/non critical issue, which was reported by Marcus Niemietz, a Web security researcher at the
Ruhr-University Bochum in Germany.
See the attached video for a demo of the hack. I…
-
**Reflected_XSS_All_Clients** issue exists @ **src/main/webapp/vulnerability/xss/search.jsp** in branch **master**
*The application's <%=searchedName%> embeds untrusted data in the generated …
-
**Describe the bug**
It's possible to execute JS in the application context by modifying the API query values when saving a template.
**To Reproduce**
Access to a new dashboard in graphite-web instan…
-
**Jodit Version:** 3.4.xxxxx
**Browser:** Chrome
**OS:** Windows
**Is React App:** True
**Code**
When embedding the script in WYSIWYG, it will work fine when you click on the prev…
-
We run ZAP against Google Firing Range (FR) using a scheduled task and publish the results on https://www.zaproxy.org/docs/scans/firingrange/
This is a tracker issue which covers improving the ZAP …