-
In `database/003-create-image-table.sql`, in the `image` table, there is a column called `mime_type`. Currently, this column allows for arbitrary data to be stored. If someone stores an HTML file with…
-
Hi, there is an XSS vulnerability in `websoccer/admin/forgot-password.php`. At line 129, the `$_POST['inputEmail']` is inserted into the value attribute of `` tag and is escaped by `escapeOutput`, whic…
-
### Issue Summary
Uploading an SVG as a profile picture, with an XSS payload inside, will allow the execution of vulnerable code.
### Steps to Reproduce
1. Create a new SVG with the payload below
2. Up…
-
When deleting a directory from the User Files menu, a confirmation prompt is displayed to the user:
``
However it is possible to create a directory with a malicious name as shown below:
```
…
-
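Cross-Site Scripting (XSS)
- Injects a malicious script into the targeted site so that the script is executed on the victim's side
- By exploiting the vulnerability, an attacker can steal personal information and cookie data, tamper with web pages, and so on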
-
Hello, I have many questions about this code that I would like to ask you. Would it be convenient to discuss them privately?
-
We have recently identified several potential XSS vulnerabilities in PHPVibe that we believe merit immediate attention. We propose to communicate further on this issue via email to maintain confidenti…
-
### Is there an existing issue for this?
- [X] I have searched the existing issues
### Current Behavior
The XSS Payload attached triggers a Stored XSS with the vulnerability **Keycloak 10.0.0 - 18…