Vulnerability in https://convos.chat/ #623

Closed
DEV696 opened this issue Oct 12, 2021 · 3 comments

DEV696 commented Oct 12, 2021

I have identified a stored cross-site scripting vulnerability in https://convos.chat/. Below is the POC for your reference:

POC: (Redacted by jberger)

Reference Link:
https://owasp.org/www-community/attacks/xss/

DEV696 added the bug label Oct 12, 2021

jberger (Collaborator) commented Oct 12, 2021

Hi, if there is a security vulnerability, please email contact@convos.chat, both to not disclose a vulnerability online and also because I'm not going to click on a random link. Also, please include some details in the email because, again, I'm not going to click on a random site like that. Thank you.

DEV696 (Author) commented Oct 13, 2021

I have dropped an email to contact@convos.chat along with the steps to reproduce the vulnerability. I request you to please check.

jhthorsen self-assigned this Oct 13, 2021
jhthorsen added this to the 6.xx milestone Oct 13, 2021

jhthorsen (Collaborator) commented

Thanks for sending the email. Please consider doing that first in the future, since posting online that there is a vulnerability might be an additional security risk. Giving the developers a chance to fix the issue first is better 👍
