CVE-2024-25438

A cross-site scripting XSS vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...

PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Microsoft .NET framework comes with a request validation feature, configurable by the ValidateRequest setting. ValidateRequest has been a feature of ASP.NET since version 1.1. This feature consists of a series of filters, designed to prevent class...