Resolve reflected XSS issues #7378
Assignees
Milestone
Comments
asmecher
added a commit
that referenced
this issue
Oct 13, 2021
asmecher
added a commit
to pkp/omp
that referenced
this issue
Oct 13, 2021
asmecher
added a commit
that referenced
this issue
Oct 13, 2021
asmecher
added a commit
to pkp/omp
that referenced
this issue
Oct 13, 2021
asmecher
added a commit
to pkp/ojs
that referenced
this issue
Oct 13, 2021
asmecher
added a commit
to pkp/ojs
that referenced
this issue
Oct 13, 2021
asmecher
added a commit
that referenced
this issue
Oct 13, 2021
asmecher
added a commit
that referenced
this issue
Oct 13, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
See original report: https://huntr.dev/bounties/134160e4-92f7-4bc5-a1c6-d368f5c8280d/
There is a reflected XSS issue in the user creation interface where the user-supplied given name is bounced back to the browser. The user creation form is CSRF-protected and available to managers only, so the risk of abuse is low.
Resolve this issue and scan for others.
The text was updated successfully, but these errors were encountered: