This URL could inject and execute malicious javascript code that would get executed on the user's browser. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. This vulnerability is patched in 4.1.1. Flask-AppBuilder is an application development framework, built on top of Flask. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. As the "Custom" link type is meant to be flexible, it also allows the javascript: URL scheme. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file.