-
```
Running asmSelect against this option will trigger the alert despite the
escaped text.
<script>alert('xss')</script>
Patch file is attached.
```
Original issue reported on code.…
-
I understand you are working on security updates to Archon, so I'm passing archonproject/archon#75 over to you. The issue regards an XSS vuln which a colleague of mine found here: https://www.openbugbou…
-
https://github.com/lleps/terraform-validator/blob/6f450deff516d2294e39dae092b5d19202c0fad4/api/rest.go#L60
The application embeds untrusted data in the generated output with WriteHeader, at line …
-
As identified by our bundle audit job in the CI:
```
Name: bootstrap-sass
Version: 3.4.1
CVE: CVE-2024-6484
GHSA: GHSA-9mvj-f7w8-pvh2
Criticality: Medium
URL: https://github.com/advisories/GHSA…
```
-
**Description**
kkFileview v4.1.0 has another XSS vulnerability, which may lead to the leakage of website cookies.
**Vulnerable code location…
-
After the template file of 'index.php?s=order/index' is parsed, there is a controllable variable here.
![image](https://user-images.githubusercontent.com/71314272/128523145-a037569c-53b9-40b1-b22d-5c…
-
```
The description is sensitive to Cross Site Scripting.
example: put this in the description:
alert(document.cookie)
Fix this:
description = $('').text(description).html();
```
Original issue re…
-
The [`StyleSheet`](https://github.com/FormidableLabs/radium/blob/44df58d0883af38c710c43b59dbccdaf158372e1/src/components/style-sheet.js#L47) and [`Style`](https://github.com/FormidableLabs/radium/blob…
-
```
The description is sensitive to Cross Site Scripting.
example: put this in the description:
alert(document.cookie)
Fix this:
description = $('').text(description).html();
```
Original issue re…
-
Archon substitutes unescaped query strings into HTML at various places, making it vulnerable to cross-site scripting attacks. We found out through https://www.openbugbounty.org/incidents/202333/, whi…