ABOUT US

Search…

ABOUT US

UNSAFE

INLINE

0DAY

Multiple ManageEngine Applications Critical Information Disclosure Vulnerability

Thecus N4800Eco Nas Server Control Panel Comand Injection

ManageEngine ADSelfService Plus 6.1 CSV Injection (CVE-2021-33256)

Openlitespeed Web Server 1.7.8 - Privilege Escalation (CVE-2021-26758)

KLOG Server (Authenticated) Command Injection (CVE-2021-3317)

Cokpit version 234 - Server Side Request Forgery (CVE-2020-35850)

KLOG Server Unauthenticated Command Injection (CVE-2020-35729)

Pearson Vue - VUEApplicationWrapper Unquoted Service Path (CVE-2020-36154)

Intel(r) Management and Security Application 5.2 - UNS Unquoted Service Path

BRAdmin Professional 3.75 - Unquoted Service Path

ABOUT US

What is the unsafe-inline?
 "The unsafe-inline Content Security Policy (CSP) keyword allows the execution of inline scripts or styles."
 "Allows the use of inline resources, such as inline <script> elements, javascript: URLs, inline event handlers, and inline <style> elements."
If you add unsafe-inline keyword to your policy, attacker can try something like this.
1
/site?query=<script>alert('unsafe')</script>
Copied!
For more information:
unsafe-inline ⟶ CSP Guide
CSP: script-src - HTTP | MDN
The meaning of unsafe-inline is a little different for us. 
Unsafe-inline is a team that aim to develop security software, research vulnerability on various platforms. 

UNSAFE

Last modified 5mo ago

Copy link