Stored Cross-site Scripting (XSS) leads to Account Takeover

🔒️ Requirements - Be able to edit or create documents. - Click of a user on the link. 📝 Description The markdown's link creation feature does not properly sanitize url input, which allows to use error event to execute javascript. Furthermore, due to a lack of HttpOnly flag on sessions cookie, it i...

HTTP Response Splitting

kallithea is vulnerable to HTTP Response Splitting. It is possible because it does not escape the user-provided input from GET 'camefrom' parameter in the login instance, allowing an attacker to inject malicious HTTP headers to control the remaining headers and body of the response of the...