Potential DOM XSS in osctrl-admin #93

@javuto

A malicious XSS payload can be injected in the environment name, inside the function statsRefresh:

https://github.com/jmpsec/osctrl/blob/master/admin/static/js/stats.js

Although exploitation would be hard, it is better to follow best practices and consider this as a dangerous vulnerability.
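An added example, not part of the issue and not osctrl's code: the general shape of this bug class and one way to close it, assuming the stats code builds markup by string concatenation (the page does not show `statsRefresh`). The function names, the `stats.active` field, the name policy and the sample input are all hypothetical.

```javascript
// Added example, not osctrl code. All names below are hypothetical.

// Escape the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Assumed policy: environment names are short slugs. Enforce this server-side
// when the environment is created, and re-check on the client as defense in depth.
const ENV_NAME_RE = /^[A-Za-z0-9_-]{1,64}$/;
function isValidEnvName(name) {
  return typeof name === 'string' && ENV_NAME_RE.test(name);
}

// Unsafe pattern: the name is concatenated into markup that is later handed to
// an HTML sink (innerHTML, jQuery .html()), so markup in the name is parsed.
function renderStatsUnsafe(env, stats) {
  return '<span class="stats" data-env="' + env + '">' + env + ': ' +
    stats.active + ' active</span>';
}

// Hardened pattern: escape the name for both attribute and text context and
// coerce the counter to a number before it reaches the markup.
function renderStatsSafe(env, stats) {
  const name = escapeHtml(env);
  const n = Number(stats.active);
  const active = Number.isFinite(n) ? n : 0;
  return '<span class="stats" data-env="' + name + '">' + name + ': ' +
    active + ' active</span>';
}

// Constructed sample input: an environment name that carries markup.
const SAMPLE_HOSTILE_NAME = '"><img src=x onerror=alert(1)>';

function demo() {
  return {
    rejectedByPolicy: !isValidEnvName(SAMPLE_HOSTILE_NAME),
    unsafeHasTag: renderStatsUnsafe(SAMPLE_HOSTILE_NAME, { active: 3 }).includes('<img'),
    safeHasTag: renderStatsSafe(SAMPLE_HOSTILE_NAME, { active: 3 }).includes('<img'),
  };
}
```

Where the value is only ever shown as text, assigning it through `textContent` (or jQuery `.text()`) avoids the HTML sink entirely and is preferable to escaping by hand.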

Labels

osctrl-admin (osctrl-admin related changes), 🐛 bug (Something isn't working)
