A stored Cross Site Scripting (XSS) discovered in the 'Project Name' field.
We have sent an email to you with the Proof Of Concept (PoC) too.
Haven't received an email yet.
We have already sent the email (dev@codiad.com)
We will post the vulnerability information here too:
If we put, for example, <script>alert("XSS Found!");</script> as the Project Name, we can see that our code will be stored and executed.
<script>alert("XSS Found!");</script>
This popup alert will appear every time we open the Project Menu or Codiad loads the Project.
It seems that the input must be sanitized.
PoC/Screenshots:
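As an added illustration (not Codiad's own code; the function names and the stored project record are constructed for this example), the vulnerable rendering pattern that the report describes sits beside the hardened version. The stored name from the PoC is concatenated straight into the menu markup in the first function and HTML-encoded before it reaches the markup in the second; the check at the end is what a reviewer would run over the rendered output.

```javascript
// Added example, not Codiad's code. Hypothetical names throughout.

// Constructed sample: a project record as the server might store it, with
// the payload from the report as its name.
const STORED_PROJECT = {
  name: '<script>alert("XSS Found!");</script>',
  path: '/workspace/demo',
};

// Vulnerable pattern: the stored name is concatenated straight into markup,
// so the browser parses and runs the script every time the menu is drawn.
function renderProjectMenuUnsafe(project) {
  return '<li data-path="' + project.path + '">' + project.name + '</li>';
}

// Output encoding: replace every character that can change HTML structure.
// Applied at render time, it neutralises whatever was stored, so it works
// even for values that were saved before the fix.
function escapeHtml(value) {
  const map = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
    '/': '&#x2F;',
  };
  return String(value).replace(/[&<>"'\/]/g, (ch) => map[ch]);
}

// Hardened pattern: encode every untrusted value, attributes included.
function renderProjectMenuSafe(project) {
  return (
    '<li data-path="' + escapeHtml(project.path) + '">' +
    escapeHtml(project.name) +
    '</li>'
  );
}

// Alternative for code that already has a DOM: build nodes and set
// textContent, which never parses the value as HTML. `doc` is the page's
// `document`; not exercised here because the example runs outside a browser.
function renderProjectMenuDom(doc, project) {
  const li = doc.createElement('li');
  li.setAttribute('data-path', project.path); // attribute API, not string concat
  li.textContent = project.name;              // stored text stays text
  return li;
}

// Check: does the rendered markup still contain a raw <script tag?
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}
```

Escaping on output is the fix that closes the bug; rejecting or trimming names on the server when a project is created is a reasonable extra layer, but on its own it leaves any already-stored payload live.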
Thanks for the PoC. It seems that the email was lost in my inbox; maybe @Fluidbyte has received it. Anyway, marked it as a bug.