-
- [ ] Write action items from https://vuejs.org/guide/best-practices/security.html
Lighthouse report:
- [ ] Ensure CSP is effective against XSS attacks
A strong Content Security Policy (CSP) …
-
`|raw` needs to be removed from the rendering of this block
`|render` should work for the logic check
`|t` should work for the embed rendering
-
## Suggestion/Concern
The httpOnly option for cookies is currently set to false, allowing them to be accessed via JavaScript. This poses a security risk as it makes the cookies vulnerable to cross-…
-
The scanner can detect reflected/stored XSS attacks that may actually be there, but are actually prevented by CSP. It would be great if it could notify you or reduce the risk if CSP would actually fix …
april updated 8 years ago
-
MyBB series 1.x up to 1.8.x has XSS security issues affecting the Admin Control Panel (ACP).
Some fields/values managed via the ACP support full or partial HTML, which may not be documented, and ca…
-
# Summary
The ThinkSAAS 3.7.0 application contains a storage XSS vulnerability caused by insufficient sanitization of user input. Specifically, the parameters `site_title`, `site_subtitle`, `site_key…
-
### Description
Dear colleagues,
it seems that the default values for the SECURE and HTTPONLY flags of cookies, **especially** for the PHP session cookie (PHPSESSID), are not set to true. This o…
-
Vulnerable Library - nltk-3.7-py3-none-any.whl
Natural Language Toolkit
Library home page: https://files.pythonhosted.org/packages/43/0b/8298798bc5a9a007b7cae3f846a3d9a325953e0f9c238affa478b4d59324/…
-
Vulnerable Library - bootstrap-3.3.7.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/lib…
-
### Description
While the new CSRF prevention feature can help with handling reflected XSS attacks, Qute can help with getting the recorded HTML fragments sanitized via some of its customization opti…