This repository has been archived by the owner on Aug 14, 2020. It is now read-only.
XSS Vulnerability via remote Feeds #10
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The stripHTML feature of lastRSS is not used thus a malicious feed could inject arbitrary JavaScript into the output. HTML should only be allowed if the htmlok option of DokuWiki is enabled.
The text was updated successfully, but these errors were encountered: