-
In the dangerous eval lesson for WebGoat 5.4, the instructions say to alert
document.cookie to solve the lesson. Firefox and IE prevent the cookie from
being displayed but do not prevent the so…
-
- Site: [https://localhost:5000](https://localhost:5000)
- Site: [http://localhost:5000](http://localhost:5000)
**New Alerts**
- **Content Security Policy (CSP) Header Not Set** [10038] total:…
-
### Description
Upgrade `tough-cookie` to a non-vulnerable version.
The upgrade to `cypress 12.x.x` should solve some of the vulnerability issues in this alert. Might need to find an
alternative to…
-
Tracking issue for:
- [ ] https://github.com/ckenx/kenx-js/security/code-scanning/13
-
Fixes here for Drupal 11 support
- [x] Replace jcookie with alternative
- [x] Fix entity so it no longer uses deprecated code
- [ ] Fix strict types
- [x] Fix full screen alert banner js-cookie
-
# Summary
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Xinhu RockOA v2.6.3.
# Details
The XSS vulnerability originates from `/include/chajian/inputChajian.php`:
…