2 matches found
XSS by SWF file
In the Confluence comment module, a user can embed a SWF file in their comment. Confluence uses an atltoken parameter on the GET HTTP request; if the attacker sends the link of the .swf file, the value of src on the embed tag, to his victim, the malicious .SWF won't execute on the victim's browser. We can bypass thi...
Cross Site Request Forgery - Deleting User's Dashboards
Security auditing tests performed on a Jira Bug Issue and Project Tracking Software locally running instance showed that the application is susceptible to Cross-Site Request Forgery attacks within this URL:...