A telling example of why CSP (Content-Security-Policy) headers are needed and why they matter...
https://checkmarx.com/blog/cve-2021-37794-xss-to-one-click-rce-in-filebrowser/?utm_campaign=CxRT%20Blog%20Socials%202021&utm_content=180914243&utm_medium=social&utm_source=twitter&hss_channel=tw-425734083
#CSP #CVE-2021-37794 #XSStoRCE
Checkmarx.com
CVE-2021-37794: XSS to One-Click RCE in FileBrowser
After investigating FileBrowser, the Checkmarx Security Research Team discovered a stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to achieve Remote Code Execution (RCE) on the running FileBrowser instance.
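As an added illustration of the point above (this is example code written for this post, not FileBrowser's own code and not from the Checkmarx write-up), the Go program below sets a restrictive CSP on every response and includes a small checker that tells a weak policy from a strict one. The policy strings, the hypothetical handler and the local request are all constructed for the demo; the rule it encodes is the standard browser behaviour that `script-src` falls back to `default-src`, and that a nonce or hash source makes `'unsafe-inline'` ignored.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed example policy, not FileBrowser's: strict enough that a stored-XSS
// payload cannot run as an inline <script> or pull a script from an attacker host,
// while the app's own bundled JS (same origin) still loads.
const strictCSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'"

// Constructed weak policy for comparison: 'unsafe-inline' on script-src lets an
// injected <script> block or inline event handler execute, so it does not stop XSS.
const weakCSP = "default-src 'self'; script-src 'self' 'unsafe-inline'"

// parseCSP splits a policy header into directive -> source list.
func parseCSP(policy string) map[string][]string {
	out := make(map[string][]string)
	for _, d := range strings.Split(policy, ";") {
		fields := strings.Fields(d)
		if len(fields) == 0 {
			continue
		}
		out[strings.ToLower(fields[0])] = fields[1:]
	}
	return out
}

// scriptSources returns the effective script-src list, falling back to default-src
// the way browsers do when script-src is absent. nil means no restriction at all.
func scriptSources(policy string) []string {
	p := parseCSP(policy)
	if s, ok := p["script-src"]; ok {
		return s
	}
	if s, ok := p["default-src"]; ok {
		return s
	}
	return nil
}

// AllowsInlineScript reports whether an injected inline <script> would execute:
// true when scripts are unrestricted, or when 'unsafe-inline' is present without a
// nonce or hash source (a nonce/hash makes browsers ignore 'unsafe-inline').
func AllowsInlineScript(policy string) bool {
	srcs := scriptSources(policy)
	if srcs == nil {
		return true
	}
	inline, nonceOrHash := false, false
	for _, s := range srcs {
		ls := strings.ToLower(s)
		switch {
		case ls == "'unsafe-inline'":
			inline = true
		case strings.HasPrefix(ls, "'nonce-"), strings.HasPrefix(ls, "'sha256-"),
			strings.HasPrefix(ls, "'sha384-"), strings.HasPrefix(ls, "'sha512-"):
			nonceOrHash = true
		}
	}
	return inline && !nonceOrHash
}

// WithCSP wraps a handler so every response carries the given policy header.
func WithCSP(policy string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Security-Policy", policy)
		next.ServeHTTP(w, r)
	})
}

// ResponseCSP serves one in-memory request through the middleware (hypothetical
// handler, no network) and returns the CSP header the client would receive.
func ResponseCSP(policy string) string {
	h := WithCSP(policy, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "<html><body>file listing</body></html>")
	}))
	rr := httptest.NewRecorder()
	h.ServeHTTP(rr, httptest.NewRequest("GET", "/files", nil))
	return rr.Header().Get("Content-Security-Policy")
}

func main() {
	for _, p := range []string{strictCSP, weakCSP, ""} {
		fmt.Printf("inline script allowed=%v for %q\n", AllowsInlineScript(p), p)
	}
	fmt.Println("header sent:", ResponseCSP(strictCSP))
}
```

The checker is the part worth keeping around: run it against the policy your own app emits, and if it returns true for inline script, a stored XSS like the one in the linked report still executes regardless of the rest of the header.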