Site vulnerable to XSS Via AJAX #112

Open
jsiems opened this issue Jun 29, 2016 · 1 comment


jsiems commented Jun 29, 2016

If someone skips our submit question or submit reply functions entirely and knows how to use jQuery, it is possible to run an AJAX command in the console that submits a question with scripts hidden in it.

jsiems added the bug label Jun 29, 2016
jsiems removed their assignment Jun 29, 2016
jsiems added the ready label Jun 29, 2016

jsiems commented Jun 30, 2016

We would be able to prevent this by parsing the submitted questions/comments for scripts on the server side instead of in the JavaScript.

s1037989 added this to the 3.0 milestone Jul 5, 2016
s1037989 removed the ready label Jul 5, 2016
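
One way to do the server-side handling suggested in the comment above, sketched as an added example that is not this project's code. The function names, the `question` field and the length limit are assumptions; rather than searching for script tags, it validates the request on the server and HTML-encodes the text when it is rendered.

```javascript
// Added example (not project code). Hypothetical names: validateQuestion,
// renderQuestion, MAX_LEN and the `question` request field.
const MAX_LEN = 2000; // assumed limit for a question or reply

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the five characters that can change HTML parsing context.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Runs on the server for every request, so it applies equally to the
// site's own submit functions and to a hand-written AJAX call.
function validateQuestion(body) {
  if (body === null || typeof body !== 'object') {
    return { ok: false, error: 'bad request' };
  }
  const q = body.question;
  if (typeof q !== 'string') {
    return { ok: false, error: 'question must be a string' };
  }
  const text = q.trim();
  if (text.length === 0) return { ok: false, error: 'question is empty' };
  if (text.length > MAX_LEN) return { ok: false, error: 'question too long' };
  // Store the text unmodified; encoding happens at render time.
  return { ok: true, text };
}

// Every place that writes stored text into a page goes through this.
function renderQuestion(text) {
  return '<li class="question">' + escapeHtml(text) + '</li>';
}

// Constructed sample request body, as it would arrive from any client.
const sample = { question: '<script>alert(1)</script> How do I log in?' };
const checked = validateQuestion(sample);
if (checked.ok) console.log(renderQuestion(checked.text));
```

Encoding at render time means stored text is displayed as literal characters even if a request never passed through the client-side checks.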