Reflected XSS in Reportico-7.1 #47
Comments
|
Hi there Thanks for letting me know about this .. I am going to investigate how to avoid this. Even though this is happening for you when logged in as admin I need to check if this exists elsewhere. Also you are running an old version i will be starting with a fix in the latest Kind Regards |
|
Hi Peter, The XSS is there in multiple places of the application and in the latest version 7.1.21-beta also the vulnerability is present. |
|
Hi Peter, Are the vulnerabilities fixed? |
|
Hi, The XSS vulnerability still exists in 8.1 version, can I get any CVE for this.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Cross-site scripting (XSS) is a web application vulnerability that permits an attacker to inject code, (typically HTML or JavaScript), into the contents of an outside website. When a victim views an infected page on the website, the injected code executes in the victim’s browser. Consequently, the attacker has bypassed the browser’s same origin policy and is able to steal private information from a victim associated with the website.
Steps:
The text was updated successfully, but these errors were encountered: