Lucene search
K

4 matches found

Prion
Prion
added 2024/03/12 8:15 p.m.10 views

Cross site scripting

One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting XSS vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack...

3.5CVSS5.5AI score0.00456EPSS
Exploits0References1
Huntr
Huntr
added 2022/09/06 10:15 p.m.39 views

XSS at app.diagrams.net

Description The application allows the "use" tag to pass on dompurify, which leads to XSS. A strange behaviour bypasses the csp on app.diagrams.net when it has a "?" before the "U" import. Proof of Concept POC diagram: use...

5.8CVSS5.7AI score0.00518EPSS
Exploits1References1
Prion
Prion
added 2018/06/11 9:29 p.m.21 views

Design/Logic Flaw

A mechanism to bypass Content Security Policy CSP protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, a...

4.3CVSS7AI score0.01454EPSS
Exploits0References5Affected Software2
myhack58
myhack58
added 2018/03/19 12:0 a.m.61 views

CVE-2017-0135 vulnerability analysis: the use of the Edge of the browser XSS filter bypass CSP-vulnerability warning-the black bar safety net

In this article, I to share the one I at last found the Edge of the browser vulnerabilities. This exploits the browserXSSfilter the defects, to bypass anotherXSSdefensive measures: CSP(Content Security Policy, Content Security Policy. Note that this vulnerability is not in bypassXSSfilter, but th...

4CVSS6AI score0.07693EPSS
Exploits0
Rows per page
Query Builder