0 votes
1 answer
169 views

I am using session ids to enable various features for logged and unlogged users on my website. This includes matching the csrf token to the session id. I store the session id as a SameSite=lax cookie. ...
kunnix's user avatar
  • 91
0 votes
0 answers
38 views

We are using webcastellum filter in our web application. Since it's not supporting Jakarta, we need to find alternatives as we are upgrading to Spring 6. Please suggest if there is any similar filter ...
Sanjay's user avatar
  • 313
1 vote
0 answers
48 views

I am building a React + Node.js eCommerce app deployed on Vercel (frontend) and Render (backend). The app uses HTTP-only cookies for authentication and has a Wishlist feature where users can add and ...
Anan328's user avatar
  • 31
-1 votes
1 answer
147 views

First of all, this is really important for my website. I need to open a specific http page. I want to know if it's a good practice to use window.open to open a page with different protocol (like http -&...
WORM HACKER's user avatar
2 votes
2 answers
8k views

In Django I use a background-image stored on a remote web-storage (Digitalocean Spaces) like this: <style> .bg-image { background-image: url("{{ instance.background.url }}")...
Rockbot's user avatar
  • 1,031
1 vote
0 answers
210 views

I am facing Cross-Site Scripting (XSS) issues in Veracode report. I was using dompurify.sanitize() method and also allowed its attributes. Earlier when I was using this method on my code it was fixed ...
Avinash Keshri's user avatar
2 votes
1 answer
1k views

I manage an Electron application where authorization is provided by a JWT cookie set from my server and have recently noticed the Reading cookie in cross-site context will be blocked in future Chrome ...
Adam Marsh's user avatar
  • 1,166
0 votes
0 answers
35 views

I am building a site with a list of words for learning a language. I also have another site on a sub-domain for flashcards. I want users to be able to choose words from the list, then press a button ...
Lee Morgan's user avatar
0 votes
1 answer
734 views

I'm trying to write an angular app with an ASP.NET Core Web API and a Cosmos DB. Because of sensible data I need to deal with authentication and authorization. I'm using the Microsoft.AspNetCore....
jerez69's user avatar
0 votes
0 answers
138 views

I am testing some vulnerabilities and I have some doubts. For example: 1 - $("#ID").html("<script>alert('XSS')</script>"); if in element id I use the id of the form ...
jhnhnh's user avatar
  • 1
0 votes
1 answer
42 views

I have inherited maintenance of a PHP website that is mysite.com and an ASP.NET website that is shop.mysite.com. The client wants a single sign-on for both sites. The solution I am pursuing is to ...
Chris Davis's user avatar
0 votes
1 answer
2k views

What I have: I have a Spring Boot API and an Angular app in different domains (not subdomains), and it is not an option to change it. I only grant access by CORS to my Angular domain app. What I need: I need ...
David Burgos's user avatar
0 votes
1 answer
226 views

Here, things are clear about what Fortify is finding as a vulnerability because it reports that an inputHidden could be vulnerable to XSS. I read another post about JSF mitigating this, and they said ...
emgi's user avatar
  • 1
0 votes
2 answers
215 views

I would like to set a session variable in code behind, so after receiving an ajax call result, based on the result of that, set a session variable. This application is old webform and is not MVC. Here is ...
user464291's user avatar
0 votes
0 answers
731 views

I need to complete this task, please see the below comments, You are calling the hack() function in your text files which is a good start. The goal of the task inject the hack() function into the ...
SAI CHARAN KATKAM's user avatar
