[Security] Cross Site Scripting in the operation name value #1755

Closed
Dfte opened this issue Jun 15, 2020 · 3 comments

Dfte commented Jun 15, 2020

Hello,

I was playing with your framework when I came across an XSS in the Operation Name box:
payload: <script>alert()</script>

I have no idea if you guys are interested in that type of vulnerability but I thought it would be nice to inform you anyway :) !

Have a good day,
Defte

@privateducky
Contributor

thanks!

because caldera is designed as a single-user application, we tend not to prioritize things like this. but -- it's a great find -- and we'd love to fix it. I'll keep this issue open until either we, you or another person in the community pushes a fix. just so it stays in mind.

Dfte commented Jun 23, 2020

Okay! Thanks for responding :)

@github-actions

This issue is stale because it has been open 20 days with no activity. Remove stale label or comment or this will be closed in 5 days
