-
What steps will reproduce the problem?
1. If a user is logged in, an attacker can send him a link to add-tag.php with
javascript in the tag GET field.
2. When the user goes back to the main page,…
-
I would recommend that the document explicitly mention, as a recommendation, the handling of user inputs, specifically with regard to:
- input length, as protection against potential DoS and against data loss or unexpected exceptions…
-
# Summary
AutoCMS v5.4 is affected by a Cross-Site Scripting (XSS) vulnerability and a PHP Code Injection vulnerability. The XSS vulnerability can be exploited to capture administrator credentials, w…
-
- HTTP
- HTTP status code
- HTTP method
- HTTP 1.1, 2.0, 3.0
- HTTPS, SSL/TLS
- DNS
- Security
- CORS
- XSS
- SQL Injection
- Authentication
- cookie
- session
- JWT
-
Hello,
I found two vulnerabilities that affect ClearCanvas ImageServer 3.0 Alpha:
- Cross-site Scripting (XSS) reflected
- HTML Injection
You can reproduce both with the following details…
-
So interestingly enough I'm noticing that a well-structured tagging system might actually be able to solve a few problems. I'm looking at TM and noticing some minor irritations with searching (search for XS…
-
Hi @abhaybhargav. I have completed the setup as per the process and am working with default configurations. But somehow, the Playbook UI is showing XSS-related issues in the story of SQL injection. It seems lik…
-
1. SQL Injection and XSS: Ensure inputs are sanitized to prevent malicious attacks.
2. Permission Checks: Verify that unauthorized users cannot access restricted functionalities.
-
As a user, I'd like to be able to add web links to my cards.
I should be able to click them, and have the link open in my default browser.
## ⚠️ Security Note
Implementing this incorrec…