This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: Fixed a reflected XSS in the sharing group creator tool
- Fixed a reflected XSS in the sharing group editor that requires malicious organisation names
- Low impact due to the following requirements:
  - organisation names with malicious org names (JS in the orgname)
  - sharing group editor user has to manually add an organisation to the list that has javascript in the org name
  - only vulnerable view is the editor itself, so the impact is limited to users that manually add organisations with malicious names to the list themselves / edit such sharing groups
- As reported by Dawid Czarnecki