-
Hi.
Our pentesters discovered a Cross Site Scripting vulnerability that I was able to trace back to pqselect.
If you set one of the option's names in multiselect to something like that:
```
somevalu…
-
The "site_url" in the comment field is vulnerable to XSS. Since I already have a fork of your project which has diverged a bit, you won't get a pull request - sorry. But you can fix it by replacing line…
-
Hello,
I would like to report an XSS vulnerability.
In file https://github.com/ZeroDream-CN/SakuraPanel/blob/master/core/PostHandler.php
line 87
```php
$result = $pm->checkRules($_POST);
…
-
This web app is vulnerable to a form of reflective cross site scripting via the upload of a forged PNG file.
By using the method here (https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-…
-
https://docs.rs/pwnies
While hilarious, this should probably be fixed.
-
Hi,
We are using useHistory() from react-router-dom in our project. Our code was flagged for an XSS vulnerability by HPFortify. The following line "window.location.href = href;" seems to be the pr…
-
At the time of this writing, you can add something like
```
alert('hello');
```
in your markdown and it will be executed on page load. Traditionally in WordPress only an Administrator can add …
-
Hi,
I've just tested this one in the following test scenario:
1. I've installed the DVWA application over a Windows 2003 Server virtual machine.
2. I've chosen the XSS reflected from the exercises d…
-
Please see http://php-grinder.com/vulns/view/1193443 - $_REQUEST['idx'] is output unescaped (except for trimming trailing colons). It should be escaped by `hsc()`.
-
```