Hey,

I noticed a possible XSS (https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)) vulnerability in line:

silo.pub/silopub/micropub.py, Line 107 in 46aece8:

```python
resp=make_response("Could not find a service for URL {}"
```

Unsanitized user input gets into flask.make_response() and then into the user's browser. This opens a possibility for the attacker to supply input like "<script>some_code</script>" and execute arbitrary code in the user's browser.

I'm not sure how your application is meant to be deployed, but if an attacker may trick an honest user into accessing "your_site.com/indieauth?redirect_uri=foo&me=attack_vector", then this is a security risk and you should consider fixing it.

Cheers!
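An added example, not silo.pub's own code, that shows the reflection pattern the report describes beside two hardened forms (HTML-escaping the value, or not serving the message as HTML at all). Only the "Could not find a service for URL {}" message and the `me` parameter come from the report; the function names and the sample payload are assumed.

```python
from html import escape

# Message fragment quoted in the report; the surrounding Flask code is not on the page.
ERROR_TEMPLATE = "Could not find a service for URL {}"


def vulnerable_body(me: str) -> str:
    """The reported pattern: the user-controlled ``me`` value is formatted straight
    into a body that Flask will serve as text/html by default."""
    return ERROR_TEMPLATE.format(me)


def hardened_body(me: str) -> str:
    """Fix 1: HTML-escape the value before it enters the body. ``quote=True`` also
    escapes quotes, so the result is safe inside attribute values as well."""
    return ERROR_TEMPLATE.format(escape(me, quote=True))


def hardened_response(me: str) -> tuple:
    """Fix 2: serve the error as plain text so the browser never parses it as markup.
    Returns (body, status, headers), the tuple shape Flask's make_response() accepts;
    nosniff stops the browser from second-guessing the declared type."""
    headers = {
        "Content-Type": "text/plain; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
    }
    return ERROR_TEMPLATE.format(me), 404, headers


def reflects_markup(body: str, value: str) -> bool:
    """Regression check: True if a value carrying markup is reflected verbatim."""
    return "<" in value and value in body


# Constructed sample input in the shape the report describes.
SAMPLE_ME = "<script>some_code</script>"

if __name__ == "__main__":
    print("vulnerable:", vulnerable_body(SAMPLE_ME))
    print("escaped:   ", hardened_body(SAMPLE_ME))
    print("plain text:", hardened_response(SAMPLE_ME))
```

In the route itself the change is to pass `hardened_body(me)` (or the plain-text tuple) to `make_response()` instead of the raw formatted string.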