[CVE-2016-9891] Dotclear – XSS Vulnerability in Version 2.10.4

Product Information:
Software: Dotclear
Tested Version: 2.10.4, released 02.11.2016
Vulnerability Type: Cross-Site Scripting (CWE-79)
Description: The project’s purpose is to provide a user-friendly tool allowing anyone to publish on the web, regardless of their technical skills. (copied from https://dotclear.org/about#undefined)
Vulnerability description: There is an XSS vulnerability in


[CVE-2016-9681] Serendipity CMS – XSS Vulnerability in Version 2.0.4

Product Information:
Software: Serendipity CMS
Tested Version: 2.0.4, released 26.09.2016
Vulnerability Type: Cross-Site Scripting (CWE-79)
Download link: https://github.com/s9y/Serendipity/releases/tag/2.0.4
Description: Serendipity is a PHP-powered weblog engine which gives the user an easy way to maintain a blog. While the default package is designed for the casual blogger,


prismjs CDN: Implementation of Syntax Highlighting in Ghost CMS

Adding syntax highlighting is a must for all tech-related blogs, and the process of doing this should not be difficult. When it comes to syntax highlighting, there are many options out there in the market. However, I’ve settled on prism.js since it is lightweight and straightforward. Besides, CloudFlare is serving it through their CDN. Thus


Abusing Formspree

Update: Formspree now offers forms with reCAPTCHA by using the _gotcha tag. You can find out more here. Formspree is a project that solves a problem many of us have faced: easily adding forms to otherwise static HTML pages. Disclaimer: This post is for educational purposes, and the discussed method should not be used to
