2018-09-03.yml

---
id: 0469cde7-c10e-43fd-83f6-11aef00cc8d9
package: xain
disclosure_date: 2018-09-03
cve: 2018-20302
link: https://github.com/smpallen99/xain/issues/18
title: |
  XSS Vulnerability

description: |
  XSS is possible via the use of the order query parameter. An example request
  would look like:

  ```
  http://host/ressources?order=%27><script>alert(1);</script>
  ```

patched_versions:
  - ">= 0.6.2"