item 29401100 (no title)

28uwedj | 4 years ago
DO NOT USE THIS SITE:
1. Create Note with the contents <script>alert(1);</script>
2. Go to link
3. this site is a massive security flaw.

gigamick|4 years ago
This is exactly why I posted here. Thank you so much for this feedback. Will fix and let you know.

teitoklien|4 years ago
Your Laravel PHP framework debug messages are being exposed to users. Cool site tho, have a lovely week.

gigamick|4 years ago
This issue is now resolved.

svenfaw|4 years ago
To clarify, why is being able to display an alert a massive security flaw in this context?

retube|4 years ago
The alert itself is harmless, but demonstrates that arbitrary JavaScript - which could certainly not be harmless - can be injected into the page.

mynameismon|4 years ago
It's not the ability to display alerts that is concerning, but rather, the ability to run untrusted JavaScript. This was a proof of concept that showed that it has a serious XSS vulnerability.

gigamick|4 years ago
This is now resolved. Thanks for the feedback!

gigamick|4 years ago
ISSUE RESOLVED
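
An added example, not part of the thread and not the site's own code: the note body from the report above rendered without and with output encoding, plus a regression check that looks for a live script element. The function names are hypothetical, and the unescaped rendering path is an assumption about how the flaw arose.

```php
<?php
declare(strict_types=1);

// Constructed sample: the note body quoted in the report above.
$note = '<script>alert(1);</script>';

// Assumed vulnerable pattern: stored note text is emitted as markup.
// In a Blade template this corresponds to {!! $body !!}.
function render_note_unsafe(string $body): string
{
    return '<div class="note">' . $body . '</div>';
}

// Hardened: encode for the HTML text context at output time.
// Blade's {{ $body }} applies the same htmlspecialchars() encoding.
function render_note_safe(string $body): string
{
    $encoded = htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="note">' . $encoded . '</div>';
}

// Defence in depth: response headers that stop inline scripts from
// running even if an unescaped value reaches the page later.
function note_page_headers(): array
{
    return [
        "Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'",
        'X-Content-Type-Options: nosniff',
    ];
}

// Regression check: parse the output as a browser would and report
// whether any <script> element exists in the resulting DOM.
function contains_script_element(string $html): bool
{
    libxml_use_internal_errors(true);   // fragments trigger parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    return $doc->getElementsByTagName('script')->length > 0;
}

foreach (['unsafe' => render_note_unsafe($note), 'safe' => render_note_safe($note)] as $name => $html) {
    echo $name, ': ', $html, PHP_EOL;
    echo '  script element present: ', var_export(contains_script_element($html), true), PHP_EOL;
}
echo implode(PHP_EOL, note_page_headers()), PHP_EOL;
```

The check requires PHP's DOM extension; in a Laravel test suite the same assertion can be run against the rendered note view.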