-
Not all input/output is being sanitized, making the API vulnerable to XSS and SQL injection attacks
1. XSS
The `error` function in `functions.inc` does not encode the `$message` parameter before p…
-
I am currently trying to implement the Coraza plugin into Traefik, which sits behind a Cloudflare tunnel for external access.
As soon as I activate the middleware for the services, Traefik starts us…
-
KeePassXC-Browser is vulnerable to clickjacking because it is possible to hide the icon or parts of the extension.
A user visits the website for which he has a saved password. If the website is vu…
-
Adding an issue to perhaps get this discussed in a meeting if an online discussion is not enough. We are specifically interested in Safari / iPhone webkit support. While we have been partnering closel…
-
## CVE-2020-13959 - Medium Severity Vulnerability
Vulnerable Library - velocity-tools-2.0.jar
VelocityTools is an integrated collection of Velocity subprojects
with the common goal of creati…
-
My guess is this is already in the plan, but I'll make the request anyway! I tend to over-explain, but I figure it's better to over-explain than under-explain and see insecure things get added because…
-
## CVE-2015-9251 - Medium Severity Vulnerability
Vulnerable Library - jquery-1.11.0.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11…
-
### What is your article idea?
This article will guide front-end developers through the essential security practices needed to protect their applications. It will cover key threats like XSS and CSRF …
-
### Description
There is an unexpected redirect (307 Temporary Redirect, from service worker) when clicking an href element from another tab.
When clicking a link: https://instance/tv/0000 short lo…
-
## Feature Request
### **Is your feature request related to a problem? Please describe.**
I encounter an issue when adding multiple security headers to a Loco project. I think that the only curren…