XSS in Admin Panel #4727

Closed
omriinbar opened this issue Aug 15, 2021 · 1 comment · Fixed by #4729
Labels: kind/bug (Definite and accepted bugs), priority/P0

Comments

@omriinbar

When navigating to a page, the path is not sanitized in the "Request statistics" in the admin panel, leading to an XSS.

For example, navigating to http://beego-site/<script>alert(1)</script> leads to an alert when viewed on the admin panel:
[Screenshot: MicrosoftTeams-image (21)]

@flycash flycash self-assigned this Aug 16, 2021
@flycash flycash added kind/bug Definite and accepted bugs priority/P0 labels Aug 16, 2021
@flycash flycash linked a pull request Aug 16, 2021 that will close this issue
@flycash
Collaborator

flycash commented Aug 16, 2021

Please update to the newest master branch. Be careful: do not use the develop branch.

@flycash flycash closed this as completed Aug 16, 2021
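
The bug class reported above, as an added example that is not part of the original issue and not Beego's own code or the fix from #4729: a request-statistics table that writes the request path into HTML by string concatenation, next to the same table rendered through `html/template`, which encodes the path on output. The `stat` type and the function names are hypothetical, and the sample rows are constructed.

```go
package main

import (
	"fmt"
	"html/template"
	"strings"
)

// stat is one row of a request-statistics table (hypothetical shape,
// not Beego's own type).
type stat struct {
	Path  string // taken verbatim from the request URL: attacker-controlled
	Count int
}

// renderUnsafe builds each row by string concatenation, so markup inside
// Path becomes part of the page. This is the class of bug the issue reports.
func renderUnsafe(rows []stat) string {
	var b strings.Builder
	b.WriteString("<table>")
	for _, r := range rows {
		fmt.Fprintf(&b, "<tr><td>%s</td><td>%d</td></tr>", r.Path, r.Count)
	}
	b.WriteString("</table>")
	return b.String()
}

// statsTmpl uses html/template, which escapes values contextually on output.
var statsTmpl = template.Must(template.New("stats").Parse(
	`<table>{{range .}}<tr><td>{{.Path}}</td><td>{{.Count}}</td></tr>{{end}}</table>`))

// renderSafe renders the same table with output encoding applied.
func renderSafe(rows []stat) (string, error) {
	var b strings.Builder
	err := statsTmpl.Execute(&b, rows)
	return b.String(), err
}

func main() {
	// Constructed sample: the path from the issue report plus a normal one.
	rows := []stat{{"/<script>alert(1)</script>", 1}, {"/api/users", 42}}
	fmt.Println("unsafe:", renderUnsafe(rows))
	safe, err := renderSafe(rows)
	if err != nil {
		panic(err)
	}
	fmt.Println("safe:  ", safe)
}
```

The stored path stays unchanged in both cases; only the rendering step differs, which is why encoding at output time covers every place the statistics are displayed.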