The Lab · 2026-04-05 18:27:05 · GitHub Issues
A high-severity security flaw in a video utility function allows attackers to inject arbitrary domains into Panopto embed URLs, creating a direct vector for clickjacking and phishing attacks. The vulnerability resides in the `getVideoEmbedInfo()` function within `src/utils/video.ts`, which extracts a domain from user-s...
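An added example of the allowlist check this class of bug calls for; it is not code from the issue or from the project, and the host suffixes, the `/Panopto/Pages/Embed.aspx` path and the function names are assumptions. The unsafe builder shows how an attacker-supplied `domain` becomes the URL host; the hardened one parses the candidate, rejects userinfo, ports and non-https schemes, and requires the hostname to end with an allowed suffix on a label boundary.

```typescript
// Added example (not the project's code): hostname allowlisting for an embed URL builder.
// Assumptions: tenant hosts live under these suffixes; the leading dot forces a label boundary,
// so "evilhosted.panopto.com" does not match ".hosted.panopto.com".
const ALLOWED_HOST_SUFFIXES = ['.hosted.panopto.com', '.panopto.eu'];
const EMBED_PATH = '/Panopto/Pages/Embed.aspx'; // assumed embed path

/** Vulnerable shape: whatever string arrives as `domain` becomes the URL host. */
export function buildEmbedUrlUnsafe(domain: string, videoId: string): string {
  return `https://${domain}${EMBED_PATH}?id=${videoId}`;
}

/** Parse a bare host or a full URL; null when the URL parser rejects it. */
function parseCandidate(candidate: string): URL | null {
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(candidate);
  try {
    return new URL(hasScheme ? candidate : `https://${candidate}`);
  } catch {
    return null; // e.g. a percent-encoded slash inside the host
  }
}

/**
 * Return the normalised hostname only if the candidate is https, carries no
 * userinfo or explicit port, and ends with an allowed suffix; otherwise null.
 */
export function validateEmbedHost(candidate: string): string | null {
  const url = parseCandidate(candidate);
  if (url === null) return null;
  if (url.protocol !== 'https:') return null;
  // "tenant.hosted.panopto.com@attacker.example" parses with the real tenant as userinfo.
  if (url.username !== '' || url.password !== '' || url.port !== '') return null;
  const host = url.hostname; // already lower-cased and IDNA-normalised by the URL parser
  const allowed = ALLOWED_HOST_SUFFIXES.some(
    (suffix) => host.length > suffix.length && host.endsWith(suffix),
  );
  return allowed ? host : null;
}

/** Hardened builder: validated host, and the URL API (not concatenation) for the query. */
export function buildEmbedUrl(domain: string, videoId: string): string | null {
  const host = validateEmbedHost(domain);
  if (host === null) return null;
  const url = new URL(`https://${host}${EMBED_PATH}`);
  url.searchParams.set('id', videoId);
  return url.toString();
}
```

The suffix match plus the userinfo check covers the usual bypasses (`host@attacker`, `attacker/?x=host`, `host.attacker`); a caller that receives `null` should fall back to an error state rather than to the raw input.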
The Lab · 2026-04-11 04:22:29 · GitHub Issues
A scheduled security scan has flagged a critical-severity vulnerability in the OWASP Juice Shop project, a widely used web application security training platform. The CodeQL analysis identified a Template Object Injection flaw in the `routes/dataErasure.ts` file at line 72, assigning it a maximum CVSS score of 9.3. Thi...
The Lab · 2026-04-13 02:22:31 · GitHub Issues
A security review of the DynamicStyle system has uncovered a medium-severity injection vulnerability (P1) that could allow attackers to execute arbitrary CSS code. The flaw resides in the `StyleRegistry`, which uses `dangerouslySetInnerHTML` to inject user-provided CSS property values directly into `<style>` elements w...
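An added example, not the DynamicStyle code, of why splicing a user-controlled value into stylesheet text is dangerous and what a value validator for that position looks like. The function names, the length cap and the exact allowlist are assumptions; the point is that a value must not be able to close the declaration or block (`;`, `{`, `}`), terminate the `<style>` element (`<`, `>`), or name a function that fetches or executes.

```typescript
// Added example (not the project's code): CSS value validation before a <style> injection.

/** Vulnerable shape: the value is spliced into the stylesheet text as-is. */
export function renderRuleUnsafe(selector: string, prop: string, value: string): string {
  return `${selector}{${prop}:${value}}`;
}

// Property names: identifiers only, with up to two leading dashes for custom properties.
const PROP_RE = /^-{0,2}[a-z][a-z0-9-]*$/;
// Values: a conservative character allowlist (assumption). No ; { } < > / \ " ' or ":",
// so a value can neither break out of the declaration or block, nor close </style>,
// nor carry a scheme such as javascript:. Parentheses stay so calc()/rgb()/var() work.
const VALUE_RE = /^[A-Za-z0-9 #%.,_()+-]+$/;
// Functions that load resources or run code are rejected even when their characters pass.
const FORBIDDEN_FUNCS = /(?:^|[^a-z-])(?:url|image-set|image|src|element|expression)\s*\(/i;

/** Returns the value unchanged when it is safe to embed, null otherwise. */
export function sanitizeCssValue(value: string): string | null {
  if (value.length === 0 || value.length > 256) return null; // cap is an assumption
  if (!VALUE_RE.test(value)) return null;
  if (FORBIDDEN_FUNCS.test(value)) return null;
  return value;
}

/** Hardened shape: name and value must both validate, otherwise the rule is dropped. */
export function renderRuleSafe(selector: string, prop: string, value: string): string | null {
  if (!PROP_RE.test(prop)) return null;
  const safeValue = sanitizeCssValue(value);
  return safeValue === null ? null : `${selector}{${prop}:${safeValue}}`;
}
```

An allowlist of this kind is deliberately narrow; if the product needs `url()` for a property like `background-image`, that value should be taken from a server-side allowlist of asset URLs rather than admitted through the generic path.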
The Lab · 2026-04-16 03:22:25 · GitHub Issues
A critical security audit of a Next.js application's configuration has revealed multiple, severe vulnerabilities that leave the system exposed. The primary issue is an overly permissive image configuration that allows loading from any remote hostname, effectively opening a door for malicious content injection. This is ...
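An added example, not the audited application's `next.config`, showing the permissive `images.remotePatterns` shape beside a scoped one, together with a small audit helper a reviewer can run over a config. The hostnames, paths and the exact fields checked are assumptions; the behaviour relied on is that a bare `**` hostname matches every remote host, so the app's image optimizer will fetch and re-serve any attacker-chosen image under the app's own origin.

```typescript
// Added example (not the project's configuration): weak vs. scoped remotePatterns, plus an audit.

// Subset of the Next.js remotePatterns entry shape used here.
interface RemotePattern {
  protocol?: 'http' | 'https';
  hostname: string;
  port?: string;
  pathname?: string;
}

// Weak: "**" alone accepts every remote host.
export const imagesWeak: { remotePatterns: RemotePattern[] } = {
  remotePatterns: [{ protocol: 'https', hostname: '**' }],
};

// Hardened: explicit protocol, an exact host or a wildcard scoped to one domain, and a path prefix.
export const imagesHardened: { remotePatterns: RemotePattern[] } = {
  remotePatterns: [
    { protocol: 'https', hostname: 'cdn.example.com', pathname: '/uploads/**' },
    { protocol: 'https', hostname: '**.media.example.com', pathname: '/images/**' },
  ],
};

/** One finding per pattern whose hostname is wildcard-only or whose protocol is left open. */
export function auditRemotePatterns(patterns: RemotePattern[]): string[] {
  const findings: string[] = [];
  patterns.forEach((p, i) => {
    if (/^[*.]*$/.test(p.hostname)) {
      findings.push(`remotePatterns[${i}]: hostname "${p.hostname}" matches any host`);
    }
    if (p.protocol === undefined) {
      findings.push(`remotePatterns[${i}]: no protocol, so http:// sources are accepted too`);
    }
  });
  return findings;
}
```

Run `auditRemotePatterns(nextConfig.images.remotePatterns)` in a config test so a later "temporary" wildcard fails CI instead of shipping.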
The Lab · 2026-04-16 14:23:05 · GitHub Issues
A critical stored cross-site scripting (XSS) vulnerability exists in the administrative interface, allowing an attacker with access to the admin panel to inject malicious JavaScript via user profile fields. The flaw is located in the `templates/users.html` file, where user data such as usernames and emails are rendered...
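An added example, not the project's template, of the rendering defect behind a stored XSS like this and of context-aware escaping for it. The row shape and field names are assumptions; the point is that stored profile fields must be escaped for both the text position and the double-quoted attribute position they land in.

```typescript
// Added example (not the project's code): escaping stored user fields in an admin table row.

interface UserRow {
  username: string;
  email: string;
}

/** Vulnerable shape: stored fields land in the markup verbatim, in text and attribute context. */
export function renderUserRowUnsafe(u: UserRow): string {
  return `<tr><td title="${u.username}">${u.username}</td><td>${u.email}</td></tr>`;
}

// The five characters that can change meaning in text or double-quoted attribute context.
const HTML_ESCAPES: Record<string, string> = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

export function escapeHtml(s: string): string {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

/** Hardened shape: every interpolation is escaped; the attribute stays double-quoted. */
export function renderUserRowSafe(u: UserRow): string {
  const name = escapeHtml(u.username);
  const email = escapeHtml(u.email);
  return `<tr><td title="${name}">${name}</td><td>${email}</td></tr>`;
}

/** Demo check: does the rendered HTML still contain a live script element or attribute break-out? */
export function hasInjection(html: string): boolean {
  return /<script\b/i.test(html) || /"\s+on\w+=/i.test(html);
}
```

Escaping at render time is the fix the template needs; validating the fields at write time is a second layer, not a substitute, because data already stored is exactly what "stored" XSS exploits.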
The Lab · 2026-04-17 01:22:43 · GitHub Issues
A critical open-redirect vulnerability has been identified in a form submission handler, where admin-configured redirect URLs can be hijacked by end-users. The flaw stems from the system's `renderMergeTags` function, which expands merge tags like `{{fieldId}}` within the `form.settings.redirectUrl` property. This funct...
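An added example, not the project's `renderMergeTags`, of the two defences this finding calls for: percent-encode every substituted field value so it can only ever form part of one URL component, and check the origin of the fully expanded URL against an allowlist before redirecting. The tag regex beyond `{{fieldId}}`, the function names, the base origin and the allowlist are assumptions.

```typescript
// Added example (not the project's code): merge-tag expansion in a redirect target.

const TAG_RE = /\{\{\s*([A-Za-z0-9_-]+)\s*\}\}/g; // assumed tag syntax

function lookup(values: Record<string, string>, id: string): string {
  return Object.prototype.hasOwnProperty.call(values, id) ? values[id] : '';
}

/** Vulnerable shape: submitted field values are spliced into the admin's template as-is. */
export function renderMergeTagsUnsafe(template: string, values: Record<string, string>): string {
  return template.replace(TAG_RE, (_m, id: string) => lookup(values, id));
}

/** Each value is percent-encoded, so "/", "?", "@" and ":" cannot change URL structure. */
export function renderMergeTagsEncoded(template: string, values: Record<string, string>): string {
  return template.replace(TAG_RE, (_m, id: string) => encodeURIComponent(lookup(values, id)));
}

/**
 * Expand with encoding, resolve against the site base, and accept only when the final
 * origin is allowlisted. Returns the absolute URL or null (caller falls back to a fixed page).
 */
export function resolveRedirect(
  template: string,
  values: Record<string, string>,
  base: string,
  allowedOrigins: string[],
): string | null {
  const expanded = renderMergeTagsEncoded(template, values);
  let url: URL | null = null;
  try {
    url = new URL(expanded, base);
  } catch {
    // Encoded characters inside the host make the URL unparsable; treat as rejected.
  }
  if (url === null || !allowedOrigins.includes(url.origin)) return null;
  return url.toString();
}
```

Encoding alone would leave a template such as `{{dest}}` resolving to a same-origin path, which is harmless; the origin check is what catches templates that place a tag in the authority part, such as `https://{{region}}.example.com/thanks`.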