Weblate: HTML injection and information disclosure in support panel

Hello Weblate Team! I found HTML injection and information disclosure in support panel Description There is a form to weblate.org and hosted.weblate.org to send to support I poisoned the request, where I inserted such payload in all fields: " After that, when my payload got into the support panel...

GoDaddy Patches Blind XSS Vulnerability

Domain registrar GoDaddy fixed a vulnerability affecting systems used by its customer support agents that could have been abused to take over, modify or delete accounts. Researcher Matthew Bryant said that a riff on a cross-site scripting attack called a blind XSS was to blame. A GoDaddy customer...