Reflected / Stored XSS - CVE-2022-47968 #1086
Comments
Nice one, thanks.
I'll try to prepare a fix. Note that there is actually a feature to store JavaScript that gets executed on the page 🤷
That's true, in that case should we consider this as an extended feature?
Probably as a bug, not sure if it qualifies for a CVE...
Well... a bug could be considered as a flaw or vulnerability in the software or hardware design that can be potentially exploited by the attackers. These security bugs can be used to exploit various vulnerabilities by compromising – user authentication, authorization of access rights and privileges, data confidentiality, and data integrity.
@iodn a fix was released now in v2.5.5, please double check if you have time. If you find anything else feel free to report.
I've checked the new version this morning and it seems to be fixed!
Hello Team,
Found a reflected XSS in the "Add application" page. It is possible to inject JavaScript code in the "Application name" input.
Not a big deal I guess but still wanted to warn about it.
Edit: Found in version 2.5.4