-
**Describe the bug** 🐛
While adding a new workspace, if a user types `">alert(1)` in the name field, then the XSS is triggered on workspace.
**To Reproduce**
Steps to reproduce the behavior:
…
-
https://www.prnewswire.com/news-releases/comstar-llc-provides-notice-of-security-incident-301572516.html
-
I will use PortSwigger's "Basic server-side template injection (code context)" task as an example, but I have encountered the same issue elsewhere.
Currently there is no way to specify a second order ur…
-
**What's the issue?**
This is an enhancement request. *Test Upload of Malicious Files* can be enhanced through the following suggestions.
- [ ] 1. Filter Evasion : Add magic byte based evasion to bypa…
-
How to just drop the request and return a fake response?
A detailed API document is a must to use the plugin.
-
- Site: [http://www.zaproxy.org](http://www.zaproxy.org)
- Site: [https://www.zaproxy.org](https://www.zaproxy.org)
**New Alerts**
- **External Redirect** [20019] total: 1:
- [https://www.…
-
Hi, dev team!
There is a Path Traversal vulnerability in the `wcms/wcms/wex/cssjs.php` file.
The vulnerable code is:
31: `$path = $_GET['path'];`
32: `$html_from_template = htmlspecialchars(file_…
-
Would it be possible to add a static text, or a regexp, which, if it occurs in the HTTP response, would instruct the Distribute Damage extension to pause all traffic automatically?
Usecase: if there is a kno…
-
### Describe the bug
When editing the Content-Type header of a section within the multipart/form-data of a request in the Request Editor the CR of the CR/LF line terminator is removed. Specifically,…
-