-
Hello,
I would like to report an XSS vulnerability.
In file https://github.com/cobub/razor/blob/2c991aff4a9c83f99e77a03e26056715706f15c0/web/application/controllers/manage/product.php
```php…
-
A critical cross-site scripting vulnerability can be triggered by using a simple HTML image tag, which will trigger JavaScript code on the onerror event and can compromise client-side rendering that v…
-
bootbox.confirm and alert use jQuery's .html() (and other functions) that add content to HTML elements. These are a potential XSS security issue since jQuery evaluates the content.
Here's a work…
-
Logtrail does not escape HTML characters, so it's possible for a malicious user to execute Cross-Site Scripting attacks by having script tags output in the logs in some way. Specifically, this is trou…
-
Example: https://tools.wmflabs.org/supercount/index.php?user=%22%3E%3Cmarquee%3EXSS%3C/marquee%3E%3Cscript%3Ealert%28%27XSS%27%29%3B%3C%2Fscript%3E&project=&toplimit=10
-
```
The description is sensible to Cross Site Scripting.
example: put this in the description:
alert(document.cookie)
Fix this:
description = $('').text(description).html();
```
Original issue re…
-
Hello,
I would like to report a vulnerability that I have found in textAngular v1.5.16, in which a Cross-Site Scripting (XSS) attack is possible.
Here the link parameter is vulnerable to XSS.
Deta…
-
I just tried implementing this in conjunction with [bootstrap-markdown](https://github.com/toopay/bootstrap-markdown), and one of the first things I tested was how JS is stripped from links. It appea…
-
Magnific Popup uses a parameter called `preloader`, which by default is set to `true`.
Using a specifically crafted payload (in src URL) two things happen:
Initially, the `text` variable in the…