Planet eStream Code Execution / SQL Injection / XSS / Broken Control Vulnerabilities

Planet eStream versions prior to 6.72.10.07 suffer from shell upload, account takeover, broken access control, SQL injection, both persistent and reflective cross site scripting, path traversal, and information disclosure vulnerabilities...

CVE-2022-21694 OTF-006: Broken Website Hardening Control: The CSP can be turned on or off but not configured for the specific needs of the website

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which will block any scripts and external resources. It is not possible to configure...