This repository has been archived by the owner on Nov 16, 2023. It is now read-only.

Cross-Site Scripting: Reflected #309

Open

QiAnXinCodeSafe opened this issue Jun 15, 2020 · 0 comments

QiAnXinCodeSafe commented Jun 15, 2020

agogosml/agogosml/agogosml/common/flask_http_listener_client.py

Lines 37 to 39 in 5e60339

    
           msg = str(request.data, 'utf-8', 'ignore') 
        
           if self.on_message_received(msg): 
        
               return 'msg: %s' % msg

Sending unvalidated data to a web browser can result in the browser executing malicious code.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.