2 matches found
DOMPurify 安全漏洞
DOMPurify is a DOM Document Object Model for HTML, MathML and SVG written in JavaScript by Cure53 Personal Developer. A security vulnerability exists in DOMPurify 3.2.5 and earlier versions that stems from scripts/server.js not ensuring that the pathname is in the current working directory...
Blogifier design flaws
Blogifier is a lightweight open source blog system written using ASP.NET Core . Blogifier 2.3 prior to 2019-05-11 fails to restrict the API properly, as shown by the lack of a check in the pathname for... The check shown in the...