Steps to reproduce:
<script>alert('XSS')</script>.google.com as domain
Recommendation:
Implementing input validation and/or ensuring output sanitization as done for all other inputs/outputs.
Risk:
Low risk since high privileges are required.
Also works for redirection hosts with XSS domain payloads. If a redirection host is deleted, XSS payload is executed.
NginxProxyManager/nginx-proxy-manager@feaafdc
Merge pull request #1951 from NginxProxyManager/test-html-encode
3538f97
Fix #1950 attempt to encode hdomain values before render
Thanks for the pickup.
Fixed in develop branch and will be out with the next release.
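The recommendation in this issue (validate domain names on input, encode them on output), shown as an added example that is not nginx-proxy-manager's own code. All function names are hypothetical, and the sample list is constructed from the reproduction string above.

```javascript
// Added example; function names are hypothetical, not nginx-proxy-manager APIs.

// Input validation: accept only hostnames (optionally with a leading "*."
// wildcard label), so markup can never be stored as a domain name.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

function isValidDomainName(name) {
  if (typeof name !== 'string' || name.length === 0 || name.length > 253) {
    return false;
  }
  const labels = name.split('.');
  if (labels[0] === '*' && labels.length > 1) {
    labels.shift(); // wildcard is allowed only as the first label
  }
  return labels.every((label) => LABEL.test(label));
}

// Output encoding: applied at render time, so values that were stored
// before validation existed are still displayed as inert text.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: the stored value is concatenated into markup as-is.
function renderDomainsUnsafe(domains) {
  return '<ul>' + domains.map((d) => '<li>' + d + '</li>').join('') + '</ul>';
}

// Hardened pattern: every stored value is encoded before it reaches the DOM.
function renderDomainsSafe(domains) {
  return '<ul>' + domains.map((d) => '<li>' + escapeHtml(d) + '</li>').join('') + '</ul>';
}

// Constructed sample input: the issue's reproduction string plus two valid names.
const sample = ["<script>alert('XSS')</script>.google.com", 'example.com', '*.example.com'];
console.log(sample.map(isValidDomainName));
console.log(renderDomainsSafe(sample));
```

Validation alone does not cover rows already in the database, which is why the render path encodes as well.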