-
# Summary
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Xinhu RockOA v2.6.3.
# Details
The XSS vulnerability originates from `/webmain/model/flow/flow.php`:
```
…
```
-
![image](https://github.com/frappe/frappe/assets/63660334/cadef95d-70a1-45e9-a6b4-256cfe9782f9)
`Ignore XSS Filter` is checked for the field **SPF Description**, and values like `` are being ignore…
-
When we enter some strings, such as:
'">
The editor will execute the XSS payload.
When some CMSs use this editor, it is easy to get administrator rights by using an XSS attack.
-
I have a problem with the agent, because our company's vulnerability detection system reports that the HTTP daemon used by the FusionInventory agent does not use HTTP security headers (X-Frame-Options, X-XSS-Protectio…
-
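When lucy-xss-servlet-filter.xml is applied,
in the case of < > the value is substituted like this before it is stored,
but when this is output on the grid I want it to be displayed like > this.
In that case, I would have to do it myself for every grid: replace(column to replace, '&'||'lt;' , '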
-
MyBB series 1.x up to 1.8.x has XSS security issues affecting the Admin Control Panel (ACP).
Some fields/values managed via the ACP support full or partial HTML, which may not be documented, and ca…
-
# Summary
The ThinkSAAS 3.7.0 application contains a storage XSS vulnerability caused by insufficient sanitization of user input. Specifically, the parameters `site_title`, `site_subtitle`, `site_key…
-
### Describe the bug
phpmyadmin sets the header X-XSS-Protection, some security tools warn about this.
The header is related to an obsolete feature and should probably just not be set at all.
B…
-
# Summary
A reflected Cross Site Scripting (XSS) vulnerability exists in iBarn v1.5 due to improper sanitization of the `$search` parameter in the `html/index.php`, `html/pay.php`, and `html/own.php`…