One persistent and one reflected XSS #10795

Closed
erhan- opened this Issue May 17, 2018 · 1 comment


erhan- commented May 17, 2018

Hey guys,
I already created a PR for the persistent XSS: #10793

There is another one which is not as critical. When you create an account, the next step will ask for a username. This field will not save HTML control characters but you will receive an error which shows the attempted username unescaped.

Nothing critical but it is there.
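
The reflected case described in the comment above, sketched as an added example that is not part of the original issue and is not the project's code: a username that fails validation is never stored, but the error markup echoes it back, so the escaping has to happen where the error is rendered. The function names, the allow-list pattern and the error wording are assumptions made for illustration.

```javascript
// Added illustration; all names, the pattern and the message text are hypothetical.
const USERNAME_RE = /^[0-9a-zA-Z._-]+$/; // assumed allow-list for usernames

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode the five HTML-significant characters in a single pass,
// so an already-produced '&' is never escaped twice.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: input is rejected (nothing is saved), but the rejected value
// is interpolated into the error markup unescaped.
function usernameErrorUnsafe(username) {
  if (USERNAME_RE.test(username)) return null; // valid, no error
  return `<div class="error">${username} is not a valid username</div>`;
}

// After: same validation, but the echoed value is HTML-encoded at output.
function usernameErrorSafe(username) {
  if (USERNAME_RE.test(username)) return null;
  return `<div class="error">${escapeHtml(username)} is not a valid username</div>`;
}

// Constructed sample inputs: one valid name, two containing markup characters.
const SAMPLES = ['alice', '<b>bob</b>', 'a"b&c'];

function compare() {
  return SAMPLES.map((name) => ({
    name,
    unsafe: usernameErrorUnsafe(name),
    safe: usernameErrorSafe(name),
  }));
}

console.log(compare());
```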

@engelgabriel engelgabriel added this to the 0.66.0 milestone Jun 4, 2018

@engelgabriel engelgabriel added this to Desireable in June/2018 via automation Jun 4, 2018

June/2018 automation moved this from Desireable to Closed Jun 4, 2018

erhan- commented Jul 11, 2018

The following CVE was assigned: CVE-2018-13879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13879
