hi, if there is a security vulnerability, please email contact@convos.chat both to not disclose a vulnerability online and also because I'm not going to click on a random link. Also, please include some details in the email because, again, I'm not going to click on a random site like that, thank you
Thanks for sending the email. Please consider doing that first in the future, since posting online that there is a vulnerability might be an additional security risk. Giving the developers a chance to fix the issue first is better 👍
I have identified a stored cross site scripting vulnerability in https://convos.chat/, below is the POC for your reference:
POC: (Redacted by jberger)
Reference Link:
https://owasp.org/www-community/attacks/xss/
The text was updated successfully, but these errors were encountered: