geregg.blogg.se - Javascript for each index

Overly permissive regular expression range.

Missing origin verification in postMessage handler.

Misleading indentation of dangling ‘else’.Misleading indentation after control statement.JWT missing secret or public key verification.Information exposure through a stack trace.

Incomplete regular expression for hostnames.

Incomplete multi-character sanitization.

Inclusion of functionality from an untrusted source.

Host header poisoning in email generation.

Enabling Electron allowRunningInsecureContent.

Download of sensitive file through insecure connection.

Deserialization of user-controlled data.

Dependency download using unencrypted communication channel.

Default parameter references nested function.

Database query built from user-controlled sources.

Cross-window communication with unrestricted target origin.

Creating biased random numbers from a cryptographically secure source.

Clear-text logging of sensitive information.

Clear text transmission of sensitive cookie.

Clear text storage of sensitive information.

CORS misconfiguration for credentials transfer.

Back reference into negative lookahead assertion.

Assignment to property of primitive value.

Arbitrary file write during zip extraction (”Zip Slip”).

Access to let-bound variable in temporal dead zone.