-
```
The description is sensitive to Cross Site Scripting.
example: put this in the description:
alert(document.cookie)
Fix this:
description = $('').text(description).html();
```
Original issue re…
-
```
SimpleModal or SimpleModal Contact Form (SMCF)? SMCF
Version of SimpleModal of SMCF (indicate Demo or WordPress plugin)? Your Demo
page Download
Version of jQuery? Your version included with…
-
- Site: [https://scan-websites.alpha.canada.ca](https://scan-websites.alpha.canada.ca)
**New Alerts**
- **Content Security Policy (CSP) Header Not Set** [10038] total: 4:
- [https://scan-web…
-
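In the file xadmin/templates/xadmin/base_site.html, line 92, `{{ message|safe }}` uses the safe marker, but part of the content of message comes from the user. For example, in the demo, when adding a new IDC, enter `">` as the name and click save, and you can see the JS code being executed; the same problem also occurs when editing.
Simply removing the safe marker here would affect the other tags in message; it is necessary, from mess…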
-
Browsers will reject cookies named with special prefixes unless corresponding conditions are met (for reference, https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Cookie_prefixes):
- `__Hos…
-
```
SimpleModal or SimpleModal Contact Form (SMCF)? SMCF
Version of SimpleModal of SMCF (indicate Demo or WordPress plugin)? Your Demo
page Download
Version of jQuery? Your version included with…
-
- Site: [https://xyz-demo-shop.azurewebsites.net](https://xyz-demo-shop.azurewebsites.net)
**New Alerts**
- **Content Security Policy (CSP) Header Not Set** [10038] total: 3:
- [https://xyz-…
-
### **Summary**
There is a significant Stored Cross-Site Scripting (XSS) vulnerability identified in dzzoffice 2.02.1 SC UTF8. This vulnerability allows the upload of XML files through Ueditor's uplo…
-
- Site: [https://www.demoblaze.com](https://www.demoblaze.com)
**New Alerts**
- **Information Disclosure - Suspicious Comments** [10027] total: 10:
- [https://www.demoblaze.com/js/index.js](…
-
- Site: [http://www.zaproxy.org](http://www.zaproxy.org)
**New Alerts**
- **HTTPS Content Available via HTTP** [10047] total: 6:
- [https://www.zaproxy.org/cdn-cgi/scripts/5c5dd728/cloudflar…