CVE-2023-41885 Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration
Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of `BaseUser.login` leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not...
U.S. Dept Of Defense: Reflected XSS through ClickJacking
Description: Hello DoD team, I found a reflected XSS that requires user interaction, but it's suspicious due to the reflected payload in the page ███████. So in this case I chained it with clickjacking, using an image background that looks the same as the legitimate website to make it more trustworthy ████████. Below is the code...