XSS injection possible in form from partner site launched by the [Submit your research] button:
**risk:** High
tech details:
inject -> `<b onmouseover=alert('Wufff!')>click me!</b>` into any edit box https://www.epress.ac.uk/ijm/webforms/author3.php
video evidence:
CWE-200 - risk: low
tech details: server leaks technology stack info in response headers:
vulnerability: Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.
vulnerability:
No Anti-CSRF tokens were found in an HTML submission form.
A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim.
Run tests related to OWASP Top-10 security risks, where applicable.
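
An added example, not part of the original report: a small regression check that a maintainer could run against a saved response to confirm the two lower-risk findings above are fixed, flagging stack-disclosing response headers and POST forms that carry no hidden anti-CSRF field. The header list, the token-name hints, and the sample response are assumptions constructed for illustration, not data from the reported site.

```python
from html.parser import HTMLParser

# Assumption: headers commonly used to advertise the server stack.
DISCLOSURE_HEADERS = {"server", "x-powered-by", "x-aspnet-version"}
# Assumption: substrings that typically appear in anti-CSRF field names.
TOKEN_HINTS = ("csrf", "xsrf", "token", "nonce")


class FormAudit(HTMLParser):
    """Collect each <form> with its method and the names of its hidden inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None  # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._open = {"action": a.get("action", ""), "hidden": [],
                          "method": a.get("method", "get").lower()}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if a.get("type", "").lower() == "hidden":
                self._open["hidden"].append(a.get("name", "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def audit_response(headers, body):
    """Return (disclosing header names, actions of POST forms without a token)."""
    leaks = sorted(h for h in headers if h.lower() in DISCLOSURE_HEADERS)
    parser = FormAudit()
    parser.feed(body)
    missing = [f["action"] for f in parser.forms
               if f["method"] == "post"
               and not any(hint in name for name in f["hidden"] for hint in TOKEN_HINTS)]
    return leaks, missing


# Constructed sample response (not captured from the site in this report).
SAMPLE_HEADERS = {"Server": "ExampleHTTPd/1.0", "X-Powered-By": "ExampleLang/1.0",
                  "Content-Type": "text/html"}
SAMPLE_BODY = """
<form action="/submit.php" method="POST"><input type="text" name="title"></form>
<form action="/login.php" method="post">
  <input type="hidden" name="csrf_token" value="constructed"><input name="user"></form>
"""
```

A hidden field with a token-like name only shows that a token is present; the server must still generate it per session and reject requests where it is missing or wrong.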