5 matches found
Optimizations in Spring MVC
Spring Fruits Benchmark. Abstract: Benchmarks are tricky to do well, and the results are often hard to interpret. This analysis attempts to go beyond a simple headline number to explore how performance varies with data set size. The results show that while results might be disappointing for a given...
Cross-site Scripting (XSS)
util-varexport is vulnerable to cross-site scripting. The vulnerability exists in multiple functions of ViewExportedVariablesServlet.java, as it does not properly escape the n-gram indexes in JSON before they are rendered, allowing an attacker to inject and execute malicious JavaScript...
Cross-site scripting invenio-records
Cross-Site Scripting (XSS) vulnerability in administration interface. Impact: A Cross-Site Scripting (XSS) vulnerability was discovered when rendering JSON for a record in the administration interface. The vulnerability could be exploited by e.g. a user who had access to upload a new record, that an...
Design/Logic Flaw
The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a...
CVE-2013-4445
The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a...