羽逸非凡

Results 22 issues of 羽逸非凡

This project does not filter the markdown text, resulting in an XSS vulnerability. For example, if "《img src=1 onerror=alert(1)》" is entered during text editing, the malicious script in the text...

# OutOfMemoryError occurred when calling Utilities.splitIntoFrames function

## Description

An OutOfMemoryError vulnerability exists in the Utilities.splitIntoFrames method in firebase-admin 9.2.0.

## Error Log

```
java.lang.OutOfMemoryError: Java heap space
	at java.base/java.lang.StringLatin1.newString(StringLatin1.java:715)
...
```

needs-triage

# Description

A carefully crafted Markdown Text can trigger an infinite loop while loading the text.

# Error Log

```
"\tat [email protected]/java.util.regex.Pattern$BmpCharProperty.match(Pattern.java:3963)",
"\tat [email protected]/java.util.regex.Pattern$Loop.match(Pattern.java:4953)",
"\tat [email protected]/java.util.regex.Pattern$GroupTail.match(Pattern.java:4863)",
"\tat [email protected]/java.util.regex.Pattern$BranchConn.match(Pattern.java:4713)",
"\tat [email protected]/java.util.regex.Pattern$CharProperty.match(Pattern.java:3940)",
...
```

:beetle: bug

# Stack overflow error caused by swim-json parsing of untrusted JSON String

## Description

Using **swim-json** to parse untrusted JSON String may be vulnerable to denial of service (DOS) attacks....

/api/admin/content/books/covers

No validation is performed on the file extension of uploaded files, which may allow attackers to upload malicious files.

Source code: [src/main/java/com/gm/wj/service/JotterArticleService.java](https://github.com/Antabot/White-Jotter/blob/v0.2.2/wj/src/main/java/com/gm/wj/controller/LibraryController.java)

# Stack overflow error caused by speedment parsing of untrusted JSON String

## Description

Using **speedment** to parse untrusted JSON String may be vulnerable to denial of service (DOS) attacks....

There are multiple stored XSS on the My-Blog page

1. path: http://localhost:8080/article/editor/1

   A reflected XSS vulnerability exists on the "article editor" page.

   ![image](https://user-images.githubusercontent.com/48405266/224884406-eb6aac0f-e157-4ea3-a370-f2cd479d0cb6.png)
   ![image](https://user-images.githubusercontent.com/48405266/224885405-fd87dab8-f2b7-4e69-a530-b33418847f34.png)

2. path: http://localhost:8080/article/1

   A stored XSS...

# Stack overflow error caused by Zson serialization Map

## Description

Zson before v1.3.7 was discovered to contain a stack overflow via the Map parameter.

## Error Log

```
Exception...
```

# StackOverflowError caused by xxl-tool parsing of untrusted JSON String

## Description

Using xxl-tool to parse untrusted JSON String may be vulnerable to denial of service (DOS) attacks. If the...