client-side

3 articles
0 6/10
vulnerability

A Medium-severity XSS vulnerability in an article embedding feature, in which the Referer header value is reflected in the response body without proper sanitization. The attack succeeds only in Internet Explorer, which does not URL-encode the Referer header, allowing script injection via a malicious referrer URL.

Arbaz Hussain HackerOne Internet Explorer Chrome Firefox
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 22 hours ago · details
0 5/10
bug-bounty

A DOM XSS vulnerability in a private program where unsanitized location.pathname is used to construct AJAX requests, allowing attackers to redirect requests to attacker-controlled domains and inject malicious scripts via protocol-relative URLs (//attacker.com).

jinone.github.io · devanshbatham/Awesome-Bugbounty-Writeups · 22 hours ago · details
0 3/10

Frozen Security provides a suite of free, browser-based Bitcoin custody utilities including entropy generation, BIP-39 mnemonic visualization, UTXO lookup, and PSBT construction—all executing client-side with no data transmission to external servers.

Frozen Security mempool.space BIP-39 BIP-174 PBKDF2 CSPRNG
frozensecurity.com · frozensecurity · 23 hours ago · details · hn