-
# Exploit Title: CuppaCMS - Non-Persistent Cross-Site Scripting
# Type of vulnerability: XSS (Non-Persistent)
**Description:** Reflected XSS attacks, also known as non-persistent attacks, oc…
-
It may be necessary to add a config option to disable link preloading as sometimes Cutegram crashes. In addition it could be used as an exploitation vector for CSRF vulnerabilities also for frame ppl (t…
-
Vulnerable Library - bootstrap-3.1.1.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/lib…
-
# Exploit Title: CuppaCMS - Persistent Cross-Site Scripting
# Type of vulnerability: XSS (Persistent)
**Description:** Stored XSS, also known as persistent XSS, is more damaging than non-p…
-
Vulnerable Library - htmlsanitizer.5.0.355.nupkg
Cleans HTML from constructs that can be used for cross site scripting (XSS)
Library home page: https://api.nuget.org/packages/htmlsanitizer.5.0.355.n…
-
Hello Yuchen,
👍 Nice work! In order to learn web security, we have to learn the basics of web development. Because web development isn't the goal of this course, everyone will receive the same UI …
-
**Summary**
EyouCMS-V1.6.5 When uploading images locally, the program will use the info parameter to set the parameters carried by the upload form.
Multiple reflective XSS vulnerabilities can be cre…
-
### Expected Behaviour: CSRF protection enabled everything.
### Actual Behaviour: No Anti-CSRF tokens generated for unregistered users / any user profile accessible by all anonymous users
### St…
-
Link: https://hackerone.com/reports/1717169
Date: 2022-09-29 19:40:05 UTC
By: demo-hacker
Weakness: Absolute Path Traversal
Details:
In some ***fantasy world***, the home page of lotus…
-
Link: https://hackerone.com/reports/1717171
Date: 2022-09-29 19:40:19 UTC
By: demo-hacker
Weakness: Absolute Path Traversal
Details:
In some ***fantasy world***, the home page of lotus…