Tag: cve

Disclosing a local file inclusion vulnerability in xmlhttprequest library

I found a Local File Inclusion (LFI) security vulnerability in xmlhttprequest library but it's still unfixed.
Apr 27, 2023 ~ 2 min read
security
vulnerability
advisory
cve
xmlhttprequest
local-file-inclusion
lfi
Disclosing uncontrolled resource consumption in xmlhttprequest library

proof-of-concept showing a denial of service vulnerability in a Node.js web server if it uses the xmlhttprequest library to make outgoing HTTP requests
Apr 16, 2023 ~ 3 min read
security
vulnerability
advisory
cve
xmlhttprequest
denial of service
dos
uncontrolled resource consumption