CVE-2018-4878 case: for a Hong Kong Telecommunications Company website is intrusion investigations-vulnerability and early warning-the black bar safety net

! Earlier, a researchers found that a Hong Kong Telecommunications Company website hacking attack, 3 May 21, Morphisec laboratory on the site of attack to carry out the investigation, investigators eventually found that the telecommunications company of the Group's official website was hacked, th...

Phabricator: HTML in Diffusion not escaped in certain circumstances

HTML in Diffusion source code listing is not escaped Steps to reproduce: have the syntax hilight turned on the file is bigger than 256kB, thus syntax hilight is claimed in header to be turned off automatically, however, plaintext file doesn't display like with regular manual syntax highlight off,...

Phabricator: XSS with Time-of-Day Format

Go to your user preferences - Put the following into Time-of-Day Format with the quote: '' - Open a repository diffusion - XSS-Popup The repository file-overview is the only place where I could see the XSS so far. Because it's a user own preference, it is not easy to actually do something...

Phabricator: Phabricator Diffusion application allows unauthorized users to delete mirrors

I have succesfully reproduced this issue following these steps: - Creating a repository with an administrator user - Checking that my "guest" user hasn't access to the newly created repository: http://phabricator/diffusion/TEST/edit/ - However, the guest user does have access to delete the mirror...