XSS vulnerability in NCrypt #6
For transparency reasons (and with the authorization of the NCrypt maintainer), the email I sent to NCrypt on 02/03/2017 is reproduced below:
I just found an XSS vulnerability in NCrypt.
How to reproduce
As far as I tested it, the choice of programming language doesn't change the result.
Note: the payload can be "hidden" in a lot of text or code in order to "trick" users.
As far as I know, the impact is quite limited because you don't store the previously posted links in the browser, but it can be used to de-anonymize users, for example.
I found this vulnerability because I'm currently and voluntarily searching for XSS vulnerabilities in a lot of FLOSS.
I remain available for any additional comments or questions.