4 matches found
Cross site scripting
One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting XSS vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack...
XSS at app.diagrams.net
Description The application allows the "use" tag to pass on dompurify, which leads to XSS. A strange behaviour bypasses the csp on app.diagrams.net when it has a "?" before the "U" import. Proof of Concept POC diagram: use...
Design/Logic Flaw
A mechanism to bypass Content Security Policy CSP protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, a...
CVE-2017-0135 vulnerability analysis: the use of the Edge of the browser XSS filter bypass CSP-vulnerability warning-the black bar safety net
In this article, I to share the one I at last found the Edge of the browser vulnerabilities. This exploits the browserXSSfilter the defects, to bypass anotherXSSdefensive measures: CSP(Content Security Policy, Content Security Policy. Note that this vulnerability is not in bypassXSSfilter, but th...