-
Must include and set by default the following XSS filter:
* https://github.com/VisionistInc/showdown-xss-filter
-
### Preconditions (*)
1. Run Magento with Nginx + Modsecurity with Core OWASP rules enabled Or Run Cloudflare with Managed OWASP rules enabled.
### Steps to reproduce (*)
1. Goto any plac…
-
According to the documentation style attributes can be filtered using CSS filter. How can I filter also values between style tags not only attributes?
E.g. `.XSS{background-image:url("javascript:aler…
-
Hi everyone,
I am currently trying to implement Coraza into my Caddy setup, but for some reason the hostname of blocked requests does not get logged. As you can see in the log samples below, the ho…
-
From [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection):
> - Chrome has an "[Intent to Deprecate and Remove the XSS Auditor](https://groups.google.com/a/chromium.org/…
-
"m-XSS vectors bypassed widely deployed server-side XSS protection techniques (like HTML Purifier, kses, htmlLawed, Blueprint and Google Caja), client-side filters (XSS Auditor, IE XSS Filter), Web Ap…
-
Hello:
Moodle 3.1.3+ Plugin “PoodLL Filter” – Cross-Site Scripting(XSS)
Procuct: Moodle plugin “PoodLL Filter”
Download url: https://moodle.org/plugins/filter_poodll
Vunlerable Version: 3.0.20 a…
-
The JQuery API exposes several methods whose use in application code carries a high risk of introduction of XSS vulnerabilities.
For example, code such as `myElement.html(val)` results in XSS if `val…
-
Hi,
I am getting some XSS Reflected and persistent alerts generated when a .xls or .pdf file contains unsantised XSS injection strings. I do not want to add an alert filter because it is an .asp p…
-
Chat and username input are exposed to xss, and therfore a [xss-filter](https://github.com/YahooArchive/xss-filters) needs to be implemented.