Axiell Iguana CMS 安全漏洞

Axiell Iguana CMS is a control-based platform from Axiell Inc. for personalizing and communicating with customers. Axiell Iguana CMS has a security vulnerability that originates from an input error in the url parameter on imageProxy.type.php. An attacker exploiting the vulnerability is able to...

Coursera: Stored XSS via transloadit.com and imageproxy

Hello, due to poor input file validation on transloadit.com, it is possible to upload and process any filetype on their server, which would later be uploaded to coursera-profile-photos.s3.amazonaws.com. From there, since imageproxy trusts coursera-profile-photos.s3.amazonaws.com, one can fetch...