-
Please use training to fix cross-site scripting flaw
-
https://github.com/grevory/bootstrap-file-input/blob/master/bootstrap.file-input.js#L112:
```
$(this).parent().after(''+fileName+'');
```
This opens up users of this library to XSS attacks [1]. `fil…
-
Input fields are vulnerable to XSS when:
- adding a file or folder.
- adding FTP (all fields)
- adding access by IP (all fields)
-
```
http://www.gestiolus.altervista.org/demo/report.php?id=17&nome=%3Cimg%20src=%22http://blog.informaticalab.com/wp-content/uploads/2012/08/Troll-Face-psd62868.png%22%20/%3E
```
Original issue rep…
-
## Describe the bug
https://drone.owncloud.com/owncloud/ocis/36110/47/5
```
Scenario Outline: move a file to existing file name # /drone/src/tests/acceptance/fea…
```
-
Very basic XSS vector identified.
Executes on the torrent details page.
![chrome_2018-09-28_16-41-03](https://user-images.githubusercontent.com/3536087/46218756-587fec00-c33d-11e8-9db0-823e37fb0…
-
'';!--"=&{()}
-
**Describe the bug**
- Insufficient input sanitization in the 'Question Name' and 'Description' fields creates a reflected XSS vulnerability. This could allow admin users to inject malicious scripts …
-
Not really much of an issue because you can't access it unless admin.
But on edit_area_room.php there is an XSS vuln
![](http://i.imgur.com/AvMtTba.png)
Reported by: *anonymous
Original Ticket: [mrbs…
-
### simple xss found
![Screenshot (8)](https://user-images.githubusercontent.com/66913499/93952867-8ef37480-fd67-11ea-9fc5-8bd750e8e0ea.png)