This was a really cool XSS filter bypass due to a parsing differential between two of PHP's multibyte string functions, `mb_strpos` and `mb_substr`, when dealing with invalid UTF-8 sequences.
Three deserialization-related issues, two stemming from the core of Lucee and one in Mura, a CMS built on Lucee. Lucee is a ColdFusion Markup Language based scripting language that runs on the JVM (Java Virtual Machine) and is intended for the development of web applications...
A rather simple Chrome permission bypass. Basically, `chrome.pageCapture.saveAsMHTML()` shouldn't be able to save pages it doesn't have permission to read, like pages belonging to another extension or chrome pages...
Just another caching issue; this time we've got a GraphQL API that is being used to serve some static files/content. The requests that should be cached include a `reqIdentifier` parameter in the URL that acts as the cache key...
XSS delivered via a profile image upload of an SVG containing the payload. A fairly common situation where SVG support allows XSS because the SVG's scripts are not sanitized, but also one we have basically never talked about on the podcast...
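To show what "the SVG's scripts are not sanitized" means in practice, here is an added example (not code from the podcast or from the application discussed) that flags and strips the script-bearing parts of an uploaded SVG: `<script>` and `<foreignObject>` elements, `on*` event handler attributes, and `javascript:` hrefs. The sample SVG is constructed for the example; the element and attribute lists are the ones a typical upload sanitizer needs, not a claim about the affected application.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

# Elements that carry or embed script. foreignObject is included because it lets
# arbitrary HTML (and therefore <script>) live inside the SVG document.
ACTIVE_ELEMENTS = {"script", "foreignObject"}


def local_name(qualified: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return qualified.rsplit("}", 1)[-1]


def is_script_url(value: str) -> bool:
    # Browsers ignore whitespace and control characters inside the scheme, so
    # "java\tscript:" still executes; normalise before comparing.
    return re.sub(r"[\s\x00-\x1f]", "", value).lower().startswith("javascript:")


def svg_findings(svg_bytes: bytes) -> list:
    """Return a list of script-bearing constructs found in an SVG document."""
    root = ET.fromstring(svg_bytes)
    findings = []
    for el in root.iter():
        name = local_name(el.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"<{name}> element")
        for attr, value in el.attrib.items():
            aname = local_name(attr)
            if aname.lower().startswith("on"):
                findings.append(f"{aname} handler on <{name}>")
            elif aname == "href" and is_script_url(value):
                findings.append(f"javascript: href on <{name}>")
    return findings


def strip_active_content(svg_bytes: bytes) -> bytes:
    """Remove script elements, on* handlers and javascript: hrefs; keep the drawing."""
    root = ET.fromstring(svg_bytes)
    parents = {child: parent for parent in root.iter() for child in parent}
    for el in list(root.iter()):
        if local_name(el.tag) in ACTIVE_ELEMENTS and el in parents:
            parents[el].remove(el)
            continue
        for attr in list(el.attrib):
            aname = local_name(attr)
            if aname.lower().startswith("on") or (
                aname == "href" and is_script_url(el.attrib[attr])
            ):
                del el.attrib[attr]
    return ET.tostring(root)


# Constructed sample: one harmless circle plus three separate script vectors
# (a root onload handler, a <script> element, and a tab-obfuscated javascript: href).
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(document.domain)">
  <circle cx="20" cy="20" r="10"/>
  <script>alert(document.cookie)</script>
  <a xlink:href="java&#9;script:alert(1)"><text x="5" y="40">profile</text></a>
</svg>"""

if __name__ == "__main__":
    for finding in svg_findings(MALICIOUS_SVG):
        print("found:", finding)
    print(strip_active_content(MALICIOUS_SVG).decode())
```

Stripping is only one half of the mitigation: an SVG referenced from an `<img>` tag does not run its scripts, but the same file opened directly from the upload URL does, so serving user uploads from a separate origin (or with `Content-Disposition: attachment`) closes the same hole independently of how good the sanitizer is.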
We have an unnamed dashboard application here that allows users to specify objects that will be rendered into the dashboard through JSON blobs. Users can provide dashboard templates in the form of a JSON blob, including an `item` array of which items to render...
Two cross-site scripting vulnerabilities stemming from the handling of clipboard data in Excalidraw and Microsoft Whiteboard. One allows straightforward exploitation, whereas the other has a bit of an iframe trick to it.
This one comes down to a normalization difference between Cloudflare's CDN and the ChatGPT backend server. The Cloudflare CDN was set up to cache all requests under the `/share/` endpoint, and the determination of whether a path matched would happen before any percent-encoded characters were decoded...
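The differential described above can be modelled in a few lines. The following is an added example, not code from the podcast, Cloudflare or OpenAI: an edge that applies its cache rule to the raw path versus an origin that percent-decodes and then resolves `..` segments before routing. The request paths and the `/api/account` endpoint are constructed for the example, and the backend normalization is an assumed, typical router behaviour rather than a description of the real one.

```python
from urllib.parse import unquote

CACHE_PREFIX = "/share/"


def cdn_should_cache(raw_path: str) -> bool:
    """Edge behaviour modelled here: the cache rule is evaluated against the raw,
    still percent-encoded request path."""
    return raw_path.startswith(CACHE_PREFIX)


def origin_route(raw_path: str) -> str:
    """Origin behaviour modelled here (an assumption): percent-decode the path,
    then resolve '.' and '..' segments before matching a route."""
    decoded = unquote(raw_path)
    segments = []
    for seg in decoded.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments)


def cdn_should_cache_fixed(raw_path: str) -> bool:
    """Hardened rule: decide on the same normalised path the origin will route on,
    so the edge and the origin cannot disagree about which resource this is."""
    route = origin_route(raw_path)
    return route == CACHE_PREFIX.rstrip("/") or route.startswith(CACHE_PREFIX)


def analyse(raw_path: str) -> dict:
    """Summarise how both sides treat one request."""
    return {
        "raw": raw_path,
        "edge_caches": cdn_should_cache(raw_path),
        "origin_serves": origin_route(raw_path),
        "edge_caches_fixed": cdn_should_cache_fixed(raw_path),
    }


# Constructed requests; /api/account stands in for a hypothetical per-user,
# authenticated endpoint whose response must never be cached.
REQUESTS = [
    "/share/abc123",                # legitimate public share page
    "/share/%2F..%2Fapi/account",   # passes the edge prefix check, routes elsewhere at origin
]

if __name__ == "__main__":
    for path in REQUESTS:
        print(analyse(path))
```

The second request is what a web cache deception attack looks like under this model: the victim is lured into fetching it, the edge sees a `/share/` path and stores the response, the origin serves the victim's private `/api/account` data, and the attacker then fetches the same URL from the cache.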
Andrea Menin brings us a great find with a deviously simple WAF bypass. The core bug belongs to ModSecurity and the variables it exposes to be used by the various rulesets others have created.
This is a great crypto issue that I think anyone could hunt for; it has to do with the seeding of random number generators. Generally speaking, in many systems, if you know the seed you can break/predict the values that will come from the random number generator...
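As an added illustration of the seed-recovery idea (example code written for this page, not taken from the podcast or from the affected system), here is a service that seeds Python's Mersenne Twister once from a Unix timestamp and hands out reset tokens from it. An attacker who obtains one token for their own account brute-forces the seed over a plausible start-up window and the draw index, and from there predicts the token issued to the next user. The start-up time, window size and token format are constructed for the example.

```python
import random
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits
TOKEN_LEN = 16


def draw_token(rng: random.Random) -> str:
    """Pull one token from a generator; shared by the service and the attacker,
    because the attacker's whole advantage is knowing this routine."""
    return "".join(rng.choice(ALPHABET) for _ in range(TOKEN_LEN))


class WeakTokenService:
    """Vulnerable pattern: a non-cryptographic PRNG seeded once, from a
    low-entropy value (a Unix timestamp), then used for every token."""

    def __init__(self, startup_time: int):
        self._rng = random.Random(startup_time)

    def issue(self) -> str:
        return draw_token(self._rng)


def recover_generator(observed: str, approx_start: int, window: int, max_draws: int):
    """Attacker side: given one token they legitimately received, try every seed
    in [approx_start - window, approx_start + window] and every draw position up
    to max_draws. On a hit, return the seed, the draw index, and a generator
    positioned exactly where the service's is right after issuing that token."""
    for seed in range(approx_start - window, approx_start + window + 1):
        rng = random.Random(seed)
        for index in range(max_draws):
            if draw_token(rng) == observed:
                return seed, index, rng
    return None


def strong_token() -> str:
    """Fix: draw from the OS CSPRNG via secrets; there is no seed to recover."""
    return "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LEN))


if __name__ == "__main__":
    STARTUP = 1_700_000_000                  # constructed: when the service started
    svc = WeakTokenService(STARTUP)
    mine = svc.issue()                       # attacker requests a reset for their own account
    victim = svc.issue()                     # next reset token goes to the victim
    seed, index, rng = recover_generator(mine, STARTUP + 120, 300, 50)
    predicted = draw_token(rng)
    print(f"seed={seed} index={index} predicted={predicted} actual={victim}")
```

The search cost is seeds times draws, which is why a timestamp (or a PID, or a small counter) is not a seed: a few hundred thousand candidates is seconds of work. The size of the output space is irrelevant once the seed is small; only a generator with no recoverable state, such as `secrets`, fixes the pattern.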