Edoardo Ottavianelli

icon indicating a website link edoardottt.com icon indicating an email [email protected]

icon location Italy icon location Offensive Security Analyst and Researcher

Results 85 issues of Edoardo Ottavianelli

[Security] Stored XSS in user fields

Tested version: latest Steps to reproduce the vulnerability: - Login in the application. - Click on Direct messages. - Click on Add a new user. - Fill all the possible...

[Security] Stored XSS in private task

Tested version: latest Steps to reproduce the vulnerability: - Login in the application. - Click on Add a Private task. - Set `"alert(document.domain)` as task description and save. - XSS...

[feature] Password enforced by default

6 comment

In certain scenarios it could be useful to don't have a password, for example when you're not exposing the docker container to the network (even private network), but only to...

enhancement
security
user-interface

Add Goreleaser

In resource-constrained environments we sometimes cannot afford to install full-blown Go + build packages with it: good practice is to have pre-packaged binary releases for each platform. You can include...

enhancement

Improve output

e.g. remove found string

Add more vulnerability categories

Add more vulnerability categories

enhancement
help wanted
good first issue

Add JSON data format

2 comment

Add JSON data format

enhancement
help wanted
good first issue

Add gh page

Add gh page (either as action or deploy from a branch)

Set extra headers

Facing problems with [`chromedp`](https://github.com/chromedp/chromedp), see https://github.com/chromedp/chromedp/issues/1433.

upstreamIdentifiers v3alpha

Now v3alpha supports upstreamIdentifiers.

enhancement
golang