Vulnerability Disclosures


b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/, processor/, processor/, service/, service/, and …read more


HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER[‘HTTP_USER_AGENT’] parameter to example_form.ajax.php or example_form.php. …read more