Vulnerabilities (Page 6)

Copy-paste XSS in vditor text editor [CVE-2021-32855]

web

Copying and pasting an HTML element with a script within it can result in an XSS in the vditor text editor. This does feel like a bit of a stretch for an attack scenario, pasting in malicious content to an editor, but not really a threat situation I’ve thought much about either…

 

In the land of PHP you will always be (use-after-)free

A bug and exploit that hearkens back to old-school browser exploitation. The bug is a use-after-free in concat_function() for variable concatenation, which is abused in the PHP engine to escape disable_functions and open_basedir sandboxing.

 