This repository was archived by the owner on Feb 7, 2024. It is now read-only.
XSS vulnerability #16
Open
Description
I tried to fix all XSS vulnerabilities in commit 48b5ca8. Hopefully I found all problematic places, but probably I lost some.
A user could have put something like <img src='xxx' onerror='alert(1)'> in their username. As soon as the admin opens the User List, the script code would be run within the admin's session.
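The class of bug described in this issue, shown as an added example that is not code from this repository or from commit 48b5ca8: a user-list renderer that concatenates the stored username into markup, next to a version that escapes it on output. The function names, the row markup and the sample users are assumptions made for illustration.

```javascript
// Added example: hypothetical user-list renderer, not this project's code.

// The five characters that can break out of HTML text or a quoted attribute.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: the stored username is concatenated into markup as-is,
// so any tag or event handler it contains becomes part of the admin's page.
function renderUserRowUnsafe(user) {
  return '<tr><td title="' + user.name + '">' + user.name + '</td></tr>';
}

// Hardened form: escape at the point of output, for both the text node
// and the quoted attribute value.
function renderUserRowSafe(user) {
  const name = escapeHtml(user.name);
  return `<tr><td title="${name}">${name}</td></tr>`;
}

function renderUserList(users, renderRow) {
  return '<table>' + users.map(renderRow).join('') + '</table>';
}

// Constructed sample data; the second name is the string quoted in the issue.
const sampleUsers = [
  { name: 'alice' },
  { name: "<img src='xxx' onerror='alert(1)'>" },
  { name: 'Tom & "Jerry"' },
];

console.log('unsafe:', renderUserList(sampleUsers, renderUserRowUnsafe));
console.log('safe:  ', renderUserList(sampleUsers, renderUserRowSafe));
```

Escaping at output time rather than at registration also covers usernames that were stored before a fix went in.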