This repository has been archived by the owner on Jul 29, 2023. It is now read-only.
Cross site scripting attack #39
Assignees
Comments
|
Is this fixed? |
|
Wondering the same thing. Don't see anything in the commit history to suggest it was fixed. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Client can easily change the html code from inspect element remove the disable tag from add website button and create unlimited websites. Can change the id on the delete website form button and destroy an other users website. On your php code you must validate that the current user can make changes only on own websites,databases,dns,mails,etc...
The text was updated successfully, but these errors were encountered: