When injecting an HTML base element, some requests would ignore the CSP’s base-uri settings and accept the injected element’s base instead (CVE-2022-40956). By injecting a cookie with certain special characters, an attacker on a
This article has been indexed from LinuxSecurity.com – Hybrid RSS