CVE-2022-43015 - Exploiting a Reflected XSS Vulnerability in OpenCATS v.9.6 (`entriesPerPage`)
OpenCATS is a popular open-source Applicant Tracking System (ATS) used by many organizations for recruitment management. In October 2022, a security issue surfaced in version
CVE-2022-3608 - Stored Cross-site Scripting (XSS) Vulnerability in phpMyFAQ Prior to 3.2.-alpha
If you use the open-source FAQ software phpMyFAQ, you need to know about CVE-2022-3608. This vulnerability allows attackers to exploit stored Cross-site Scripting (XSS) issues
CVE-2022-2527 - Arbitrary Content Injection in GitLab Incident Timelines – How it Worked, and Why it Mattered
In the world of version control and DevOps, GitLab is huge. It runs major codebases, automates processes, and tracks code incidents for thousands of companies.
CVE-2022-32149 - How a Malicious Accept-Language Header Can Bring Down Your Go Server
When we think of web application attacks, we often picture SQL injections or XSS. But sometimes, the mildly boring headers we ignore can open up
CVE-2022-39270 - How a Simple Discourse Table of Contents Could Let Attackers Inject HTML
If you run a Discourse forum—say for your club, your company, or a large online community—you likely use, or have seen, the DiscoTOC