WakaTime: Login Information and Credentials Have Been Leaked on wakatime.com

A security vulnerability was identified on wakatime.com, where user login information, including usernames and passwords, was leaked to the public. The issue appears to have been caused by insufficient protection of sensitive data, potentially due to inadequate encryption or improper handling of...

WakaTime: Unsafe Inline and Eval CSP Usage

Hi Team, The HTTP header of the wakatime.com website includes an unsafe CSP parameter for "script-src". Impact: However, the "script-src" parameter is set to "unsafe-inline" or "unsafe-eval", which allows injection of user passed values, which in result can be misused for Cross-Site Scripting...