2 matches found
safeurl-python contains Server-Side Request Forgery
Description: In SafeURL it is possible to specify a list of domains that should be matched before a request is sent out. The regex used to compare domains did not work as intended. Impact: The regex used was: re.match("(?i)^%s" % domain, value). This has two problems, first that only the beginning and n...
Discuz X3.2 multiple reflected XSS vulnerabilities (caused by a function flaw)
Brief description: XSS caused by a flaw in a certain function. Details: member.php?mod=logging&action=login&referer=javascript://www.discuz.net/ 欢迎您回来,Newbie xx,现在将转入登录前页面 setTimeout("window.location.href ='javascript://www.discuz.net/';", 2000); setTimeout("window.location.href ='javascript://www.discuz.net/';", 2000); 如果您的浏览器没有自动跳转,请点击此链接...