Cross-site scripting (XSS) attacks in the browser can lead to remote code execution (RCE) attacks. Injection happens when an application cannot properly distinguish between untrusted user data and code. Security misconfigurations can compromise the security of Node applications.
Table of contents
Prototype PollutionCross-Site Script InclusionInsecure Puppeteer SettingsSecurity MisconfigurationRemote Code ExecutionInjectionSensitive Data LeaksAuthentication BypassImproper Access ControlDirectory TraversalArbitrary File WritesDenial of Service AttacksEncryption VulnerabilitiesMass AssignmentOpen RedirectsCross-Site Request ForgeryServer-Side Request ForgeryTrust Boundary Violations3 Comments
Sort: