2 matches found
Revive Adserver: Stored XSS in Conversion Statistics via Tracker Name
I found stored XSS on the conversion statistics page. Advertisers can inject malicious JavaScript through tracker names, which executes when admins view conversion reports (www/admin/stats-conversions.php:356). I was able to steal admin session cookies using this vulnerability. This is a privilege...
Tuleap Security Vulnerability
Tuleap is an open source suite from Enalean Open Source designed to improve the management of software development and collaboration. A security vulnerability exists in Tuleap that stems from cross-site scripting in the tracker name and could lead to the execution of uncontrolled code...