From @ilopmar
We've received a report of an XSS vulnerability caused by the Fields plugin. It's pretty easy to reproduce the issue (the user also provided a sample project): just a domain class with a String property with the value "Test1<script>alert('XSS');</script>". Then, using the default scaffolding, the alert is displayed in both the list and show pages.