-
At the time of this writing, you can add something like
```
alert('hello');
```
in your markdown and it will be executed on page load. Traditionally in WordPress only an Administrator can add …
-
Hi,
I've just tested this one in the following test scenario:
1. I've installed the DVWA application over a Windows 2003 Server virtual machine.
2. I've chosen the XSS reflected from the exercises d…
-
Please see http://php-grinder.com/vulns/view/1193443 - $_REQUEST['idx'] is output unescaped (except for trimming trailing colons). It should be escaped by `hsc()`.
-
# Summary
> 123Solar is a lightweight set of PHP/JS files that makes a web logger to monitor your photovoltaic inverter(s). It just needs a web server and PHP, no databases are even needed. The philos…
-
Hello,
I would like to report an XSS vulnerability.
The path.
In file src/Client.php line 30
```php
while(false !== $receiveResult = socket_read($socket, 2048, PHP_NORMAL_READ))
{
$rec…
```
-
Edit: Contents removed until a fix is deployed
-
During testing of this app I've discovered an XSS flaw that can lead to RCE. Is there a secure/private place I can post details of the issue?
-
I implemented Search Index in a site recently and already notice XSS attacks ("tries", I guess) popping up in the logs.
While I don't think there are serious issues one keyword _does_ result in a XSL…
-
There is a Cross Site Scripting Security Vulnerability in the HAFAS Client.
For example this link:
https://fahrplan.vmobil.at/webapp/index.html?L=vs_vvv%2Fjs%2Fhafas_webapp_config.js%3Fv%3D1613454…