This repository has been archived by the owner on Feb 23, 2021. It is now read-only.

Cross-Site Scripting: Reflected #146

Open

QiAnXinCodeSafe opened this issue Jul 28, 2020 · 0 comments

QiAnXinCodeSafe commented Jul 28, 2020

luv-yocto/bitbake/lib/toaster/toastergui/views.py

Lines 1812 to 1817 in 10bda4c

    
           def projectconf(request, pid): 
        
               try: 
        
                   prj = Project.objects.get(id = pid) 
        
               except Project.DoesNotExist: 
        
                   return HttpResponseNotFound("<h1>Project id " + pid + " is unavailable</h1>")

Sending unvalidated data to a web browser can result in the browser executing malicious code.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.