-
## Suggestion/Concern
The httpOnly option for cookies is currently set to false, allowing them to be accessed via JavaScript. This poses a security risk as it makes the cookies vulnerable to cross-…
-
### Description
While the new CSRF prevention feature can help with handling reflected XSS attacks, Qute can help with getting the recorded HTML fragments sanitized via some of its customization opti…
-
### Is there an existing issue for this?
- [X] I have searched the existing issues
### What happened?
Hello Project Admin,
Allowing special characters in password fields is essential for cre…
-
MyBB series 1.x up to 1.8.x has XSS security issues affecting the Admin Control Panel (ACP).
Some fields/values managed via the ACP support full or partial HTML, which may not be documented, and ca…
-
# ./bin/gauntlt-docker ../security-testing-class/attacks/xss/xss.attack
/var/lib/gems/2.3.0/gems/gauntlt-1.0.13/lib/gauntlt/runtime.rb:20:in `initialize': No files found in path: ../security-testi…
-
See gtanner's comment in blackberry-webworks/BB10-WebWorks-Framework#18
-
This CSP can be easily added in github pages [as explained here](https://qszhuan.github.io/technology/2015/08/12/add_csp_to_github_blog) and would add more security to the site by protecting users aga…
-
Prevent client-side scripts from running in the web browser.
Automatically encode HTML or escape characters in Ajax responses so that code in `` tags cannot be evaluated. There may be multiple targeted devices that…
-
Vulnerable Library - aiohttp-3.8.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Async http client/server framework (asyncio)
Library home page: https://files.pythonhosted.org/packages/7…
-
Hi!
During the penetration testing of DokuWiki, I've identified some vulnerabilities. These vulnerabilities are primarily related to Cross-Site Scripting (XSS) – which would be the A03:2021 – Injec…