ABOUT US
What is unsafe-inline?
"The unsafe-inline Content Security Policy (CSP) keyword allows the execution of inline scripts or styles."
"Allows the use of inline resources, such as inline <script> elements, javascript: URLs, inline event handlers, and inline <style> elements."
If you add the unsafe-inline keyword to your policy, an attacker can try something like this:
/site?query=<script>alert('unsafe')</script>
For more information:
unsafe-inline ⟶ CSP Guide
CSP: script-src - HTTP | MDN
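The check below is an added example, not code from the Unsafe-inline team or the linked guides: it parses a Content-Security-Policy value and reports whether an injected inline <script> like the one above would be allowed to run. The function names and the sample policies are constructed for illustration.

```javascript
// Added example: does this Content-Security-Policy value let an injected
// inline <script> run? All sample policies below are constructed.

// Parse a policy string into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Per the CSP spec, a repeated directive is ignored; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// "allowed" means: an inline <script> with no matching nonce or hash executes.
// Simplification: script-src-elem, script-src-attr and 'strict-dynamic' are not modelled.
function inlineScriptStatus(policy) {
  const d = parseCsp(policy);
  const governedBy = d.has('script-src') ? 'script-src'
    : d.has('default-src') ? 'default-src' : null;
  if (governedBy === null) {
    return { allowed: true, governedBy, reason: 'no directive restricts scripts' };
  }
  const sources = d.get(governedBy).map((s) => s.toLowerCase());
  const hasUnsafeInline = sources.includes("'unsafe-inline'");
  const hasNonceOrHash = sources.some((s) => /^'(nonce-|sha(256|384|512)-).+'$/.test(s));
  if (hasUnsafeInline && !hasNonceOrHash) {
    return { allowed: true, governedBy, reason: "'unsafe-inline' is in effect" };
  }
  if (hasUnsafeInline) {
    return { allowed: false, governedBy,
      reason: "'unsafe-inline' is ignored because a nonce or hash is present" };
  }
  return { allowed: false, governedBy, reason: 'inline script needs a matching nonce or hash' };
}

const samples = [
  "default-src 'self'; script-src 'self' 'unsafe-inline'", // weak
  "default-src 'self' 'unsafe-inline'",                    // weak via default-src fallback
  "script-src 'self' 'nonce-r4nd0m' 'unsafe-inline'",      // keyword ignored by CSP2+ browsers
  "default-src 'self'; script-src 'self'",                 // hardened
];
for (const p of samples) console.log(inlineScriptStatus(p).allowed, '|', p);
```
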
The meaning of unsafe-inline is a little different for us.
Unsafe-inline is a team that aims to develop security software and research vulnerabilities on various platforms.