-
- Site: [https://test.educationdataexchange.gov.bc.ca](https://test.educationdataexchange.gov.bc.ca)
**New Alerts**
- **CSP: Wildcard Directive** [10055] total: 4:
- [https://test.educationd…
-
**Test Environment**
Google Chrome - Version 75.0.3770.142 (Official Build) (64-bit)
**Description**
A malicious actor may insert and finally execute malicious JavaScript code.
**Steps to repr…
-
- Site: [http://www.zaproxy.org](http://www.zaproxy.org)
**New Alerts**
- **HTTPS Content Available via HTTP** [10047] total: 4:
- [https://www.zaproxy.org/cdn-cgi/scripts/5c5dd728/cloudflar…
-
- Site: [https://www.zaproxy.org](https://www.zaproxy.org)
**New Alerts**
- **Strict-Transport-Security Header Not Set** [10035] total: 20:
- [https://www.zaproxy.org/blog/2016-02-19-zap-new…
-
Hungarian cookie monster filters these websites:
```
elittars.hu###info-bar
eloben.hu##.site > .law-accept
filmkatalogus.hu###oldalalja > div > table
gyakorikerdesek.hu##body > div:nth-of-type(1)
nav…
```
-
## Summary
The parameter `$notes` is not sanitized after being queried from the database, so attackers can create a stored XSS attack.
## How to reproduce
1. `curl http:///notes.php --data 'file=1&notes=a…