Thanks Jefferson Gonzales

This update prevents the XSS attack.

Description: While making an account on demo.avideo.com I found a parameter "?success=" which did not sanitize any symbol character properly, which leads to an XSS attack.

Impact: Since there's an Admin account on demo.avideo.com, an attacker can use this attack to take over the admin's account.

Steps to Reproduce:
1. Click the link below: https://demo.avideo.com/user?success="><img src=x onerror=alert(document.cookie)>
2. Then the XSS will be executed.
DanieL authored and DanieL committed on Jan 31, 2023
1 parent: 8cfdafc; commit: 2b44dee
Showing 1 changed file with 86 additions and 1 deletion.
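The commit diff itself is not shown on this page, so the following is an added illustration, not AVideo's own fix: the reflected pattern the report describes (a query parameter written straight into HTML) next to the same render path with output encoding, checked against the payload quoted in the report. The function names and the `data-msg` attribute are hypothetical.

```php
<?php
// Added example (not AVideo's code): a reflected ?success= parameter rendered
// without and with HTML output encoding. Names here are hypothetical.
declare(strict_types=1);

// Vulnerable pattern: the raw value is concatenated into HTML, so a value such
// as "><img src=x onerror=...> closes the attribute and injects an element.
function renderSuccessUnsafe(array $query): string
{
    $msg = $query['success'] ?? '';
    return '<div class="alert" data-msg="' . $msg . '">' . $msg . '</div>';
}

// Hardened pattern: encode at the point the value is written into HTML.
// ENT_QUOTES also encodes single quotes (needed in attribute context);
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of silently returning "".
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderSuccessSafe(array $query): string
{
    $msg = $query['success'] ?? '';
    // ?success[]=x arrives as an array; treat anything but a string as empty.
    if (!is_string($msg)) {
        $msg = '';
    }
    return '<div class="alert" data-msg="' . e($msg) . '">' . e($msg) . '</div>';
}

// Self-check using the payload quoted in the report (constructed input).
$payload = '"><img src=x onerror=alert(document.cookie)>';
$unsafe  = renderSuccessUnsafe(['success' => $payload]);
$safe    = renderSuccessSafe(['success' => $payload]);

if (!str_contains($unsafe, '<img')) {
    throw new RuntimeException('unsafe path should reflect the tag verbatim');
}
if (str_contains($safe, '<img') || preg_match('/data-msg="[^"]*"[^>]*onerror/', $safe)) {
    throw new RuntimeException('safe path leaked markup or broke out of the attribute');
}
echo $safe, PHP_EOL;
```

Encoding is context-specific: this escaper is correct for HTML text and quoted attributes only, and a value placed inside a `<script>` block or a URL needs the encoding for that context instead.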