2 matches found
Cross-site Scripting (XSS)
facturascripts/facturascripts is vulnerable to cross-site scripting. The vulnerability exists because the username field is not sanitized, allowing an attacker to inject a maliciously crafted script via the username field when the 'login-user-not-found' message is shown...
Keybase: Content spoofing due to the improper behavior of the not-found message
Hey, at dist.keybase.io, it's possible to inject text in the not-found message in order to trick the user into visiting a website or doing something an attacker might be interested in. PoC: https://goo.gl/3WO6iH I've shortened this one because it's really long, it's needed to be on google...