by simonw 154 days ago
Stored XSS should be a priority one fix for any company and result in an instant bug payout.

This isn't quite a stored XSS - the attacker can't execute JavaScript - but it's a similar shape and can be used to exfiltrate data. That's bad!