WhisperX tag archive

#web-vulnerability

This page collects WhisperX intelligence signals tagged #web-vulnerability. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (2)

The Lab · 2026-04-25 21:54:07 · GitHub Issues

1. Critical Security Misconfiguration Exposes Application to Unrestricted XSS Attacks — No Content Security Policy Found in Production Build

A high-severity security vulnerability has been identified in a production web application, leaving it completely exposed to cross-site scripting (XSS) attacks with no browser-enforced defenses in place. The application lacks any Content Security Policy (CSP) — neither implemented as an HTTP response header nor deploye...

#xss #content-security-policy #security-misconfiguration #web-vulnerability #owasp

The Lab · 2026-04-29 08:54:09 · GitHub Issues

2. Angular i18n Sandbox Interpolation Bypass Exposes Parent-Page Data to Same-Origin Preview iframes

Security researchers have disclosed a vulnerability in Angular's internationalization (i18n) system where a sandbox interpolation bypass could allow same-origin preview iframes to read data from their parent pages. The flaw targets how Angular handles security-sensitive iframe policy attributes through its `ɵɵvalidateA...

#angular #i18n #sandbox-bypass #iframe-security #web-vulnerability