-
5.3.1 | Verify that output encoding is relevant for the interpreter and context required. For example, use encoders specifically for HTML values, HTML attributes, JavaScript, URL parameters, HTTP head…
-
To help us diagnose issues efficiently, please include:
[x] A short but descriptive title
[x] A detailed description of the problem including relevant software versions and steps to reproduce
O…
-
### What is the improvement or update you wish to see?
Hello,
I can't find on the next js documentation how to protect against CSRF attacks (https://nextjs.org/docs/advanced-features/security-hea…
-
Cross-site scripting (XSS) attacks can occur if untrusted input is not escaped. This applies to templates as well as code. The jinja2 templates may be vulnerable to XSS if the environment has autoesca…
-
Vulnerable Library - jquery-3.3.1.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
Path to dependency file: /Dashboar…
-
### Proposed change
Currently the proposed way to identify a certain client/session is to include an identifier in the subject. Something like `foo.bar.{sessionid}`. This pattern works well technic…
-
**I'm submitting a ...** (check one with "x")
```
[x] bug report => search github for a similar issue or PR before submitting
[ ] feature request
[ ] support request => Please do not submit suppo…
fsc93 updated
4 months ago
-
X-XSS-Protection has been deprecated - partially due to the rise of CSP, and partially because it can actually increase vulnerability ("XS-Leak" attacks).
References:
* https://owasp.org/www-proje…
-
The `serviceURL` parameter is currently vulnerable to XSS attacks. If you click [HERE](https://auth.devclub.in/user/login/?serviceURL=javascript:alert(document.cookie)) then after logging in you will …