Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery

Vulnerability: CWE-798 — Hardcoded JWT Secret + Broken Mitigation Affected Component - github.com/dhax/go-base — Go REST API boilerplate go-chi/jwtauth/v5, Viper, PostgreSQL/Bun - 1,685 stars on GitHub Vulnerability Locations | File | Line | Role | |------|------|------| | dev.env | 10 |...

Reflected Cross Site Scripting (XSS)

silverstripe/framework is vulnerable to cross-site scripting XSS. The vulnerability is due to improper handling of error messages, which allows execution of a malicious payload included in a URL when the website is set to the "dev" environment mode...

GHSA-MQF3-QPC3-G26Q Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message

!IMPORTANT This vulnerability only affects sites which are in the "dev" environment mode. If your production website is in "dev" mode, it has been misconfigured, and you should immediately swap it to "live" mode. See https://docs.silverstripe.org/en/developerguides/debugging/environmenttypes/ for...

Imgur: Sourcemaps and Unminified Source Code Exposed on Pages

Hello, I'm not sure if this was actually meant to be made public on purpose, but I was looking through some of the sources that were loaded and found out the following: https://imgur.com/ - See ██████ s.imgur.com - desktop-assets - js contains multiple minified JS files as one would usually expec...