This is XSS vulnerabilities #7359

Closed
Du9r1 opened this issue Dec 4, 2021 · 2 comments · Fixed by #7364
Labels
status/duplicate This issue or pull request already exists

Comments

Du9r1 commented Dec 4, 2021

Nacos has an XSS vulnerability

Trigger condition: no verification required

version: Nacos 2.0.3

payload1:/nacos/v1/auth/users?pageNo=1&pageSize=<script>alert(1)</script>
payload2:/nacos/v1/auth/users?pageNo=<script>alert(1)</script>&pageSize=1

@Du9r1 Du9r1 changed the title This is a XSS vulnerabilities This is XSS vulnerabilities Dec 4, 2021
Collaborator

onewe commented Dec 6, 2021

@onewe will solve it@

onewe added a commit to onewe/nacos that referenced this issue Dec 6, 2021
- Set response header 'Content-Security-Policy'
@onewe onewe mentioned this issue Dec 6, 2021
Collaborator

KomachiSion commented Jan 12, 2022

duplicate with #1717

@KomachiSion KomachiSion added the status/duplicate This issue or pull request already exists label Jan 12, 2022
KomachiSion pushed a commit that referenced this issue Mar 14, 2022
- Set response header 'Content-Security-Policy'
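
An added example, not code from Nacos or from the fix in #7364: one way to handle the `pageNo` and `pageSize` parameters named in the report so that a non-numeric value is rejected and is inert if echoed. The class `PagingParamGuard`, the limit `MAX_PAGE_SIZE`, the plain-text error format and the policy string for the `Content-Security-Policy` header are all assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper, not part of Nacos: validates paging parameters before use.
public class PagingParamGuard {
    static final int MAX_PAGE_SIZE = 500; // assumed limit, not a Nacos value

    // Returns the parsed value, or -1 when raw is not a plain integer in 1..max.
    static int parsePositiveInt(String raw, int max) {
        // At most 9 digits, so Integer.parseInt cannot overflow.
        if (raw == null || !raw.matches("[0-9]{1,9}")) return -1;
        int v = Integer.parseInt(raw);
        return (v >= 1 && v <= max) ? v : -1;
    }

    // Escapes HTML metacharacters so a rejected value is inert if it is echoed.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // Headers sent with every response in this demo; the policy string is an assumed value.
    static Map<String, String> responseHeaders() {
        Map<String, String> h = new LinkedHashMap<>();
        h.put("Content-Security-Policy", "script-src 'self'");
        h.put("Content-Type", "text/plain; charset=utf-8");
        return h;
    }

    public static void main(String[] args) {
        // Constructed inputs: the two parameter pairs from the report plus one valid pair.
        String[][] requests = {{"1", "<script>alert(1)</script>"}, {"<script>alert(1)</script>", "1"}, {"2", "10"}};
        for (String[] r : requests) {
            int pageNo = parsePositiveInt(r[0], 999_999_999);
            int pageSize = parsePositiveInt(r[1], MAX_PAGE_SIZE);
            String body = (pageNo < 0 || pageSize < 0)
                ? "400 invalid paging parameters: pageNo=" + escapeHtml(r[0]) + " pageSize=" + escapeHtml(r[1])
                : "200 pageNo=" + pageNo + " pageSize=" + pageSize;
            System.out.println(responseHeaders() + " " + body);
        }
    }
}
```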