Collaborate Disseminate
There is a website that allows searching for content (without need for authentication). It uses GET parameter named "query" to search and it is vulnerable to reflected XSS. What is CVSS 3.0 score in the following scenarios?:
Vul… Continue reading CVSS 3.0 score for reflected XSS vulnerability in GET parameter [closed]
It is possible to have JavaScript code in pdf or svg files. I think JavaScript inside svg runs in almost all browsers and I think JavaScript inside pdf generally always runs in chrome.
So during a pentest we have seen that the website allo… Continue reading A web site allows upload of pdf/svg files, can we say it is vulnerable to Stored XSS?
Singapore citizens, beware! Cybercriminals are targeting your digital identities and KYC data, starting at just $8, putting users at risk of exploitation. Learn how to protect your data, finances, and reputation with strong passwords, multi-factor auth… Continue reading Stolen Singaporean Identities Sold on Dark Web Starting at $8
Mailcow email servers faced critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) allowing potential remote code execution. Update to Mailcow 2024-04 (Moopril Update) to patch the security holes and keep your email server safe. Continue reading Mailcow Patches Critical XSS and File Overwrite Flaws – Update NOW
I’m looking at an XSS lab that has the tags: script, iframe, object and embed filtered, and all on* attributes are filtered. However, svg is allowed.
Is this exploitable, with no user interaction required? I’m sure I’ve seen other ways to … Continue reading SVG XSS – When script tag and on* attributes are filtered
I have the following code from an XSS challenge and I’ve been told that it’s vulnerable to XSS. And the hint to the question points to https://html.spec.whatwg.org/multipage/parsing.html#tag-open-state
<script>
let input = (new URL(l… Continue reading XSS against improper character sanitization
Fastly researchers discover unauthenticated stored XSS attacks plaguing WordPress Plugins including WP Meta SEO, and the popular WP… Continue reading Popular WordPress Plugins Leave Millions Open to Backdoor Attacks
I noticed that whenever someone tries to send XSS data, Cloudflare blocks it.
So I tested it and concluded the pattern.
I want to implement a Regex that detects any XSS pattern and block it.
Note: I already made sure that my client side e… Continue reading Is it a good idea to implement an XSS blocking middleware like cloudflare?
I’d like to set up a self-hosted Ghost.org blog for a SaaS. I have two options:
example.com/blog
blog.example.com
Everywhere I read they recommend the /blog for SEO. However, I’m concerned about the security considerations of such setup…. Continue reading Running blog under /blog, security considerations
By Deeba Ahmed
Is your WordPress site using LiteSpeed Cache? A recent surge in malicious JavaScript injections targets vulnerable versions. Learn how to identify the signs of infection and prevent future attacks. Patch, scan, and secure your WordPress… Continue reading LiteSpeed Cache Plugin XSS Vulnerability Affects 1.8M WordPress Sites