-
Hi,
Thanks for your plugin, but I found an XSS exploit in your plugin here:
https://website.com/wp-admin/admin.php?page=CF7DBPluginSubmissions&form_name="/>window.location=String.fromCharCode(,…
-
I'm not an expert on this, but I saw you added `esc_attr()` on POST and GET. Shouldn't you use that also in [/options/index.php lines 68-71](https://github.com/stcr/subscribe-to-comments-reloaded/blob…
-
__temporarily redacted until we have a solution__
-
### Summary:
Using an https proxy, you can send an XSS (kinda) in a discussions page using
### Steps to reproduce:
1. Start up your https proxy and connect to it
2. Open up a discussions p…
-
`client.name` is rendered into the webpage without escaping:
https://github.com/defenseunicorns/uds-identity-config/blob/v0.5.0/src/theme/login/template.ftl#L57
XSS is possible through the display n…
-
```
What steps will reproduce the problem?
1. If a user is logged into the system, an attacker can exploit add.php by
sending the user a link with a script in the GET field.
2. If the user is logged …
```
-
XSS issues on:
- **Signup screen** - if the user puts a payload as the 'Username' value the payload will execute (use a ' to break into the script)
- **Rename View User action** - where the user puts…
-
```
There should be a filter that restricts the input method. For instance I am
getting a lot of reports of dom based xss via cookie value, and I don't care
because this isn't exploitable. Some p…
```