Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cross-site Scripting (XSS) vulnerability #91

Closed
stypr opened this issue Aug 4, 2022 · 2 comments
Closed

Cross-site Scripting (XSS) vulnerability #91

stypr opened this issue Aug 4, 2022 · 2 comments

Comments

@stypr
Copy link

stypr commented Aug 4, 2022

Expected Behavior

https://(domain)/prefix/(node)/ipv4?q=%22%2balert(document.domain)%2b%22

Example from the domain: https://(domain)/prefix/(node)/ipv4?q=%22%2balert(document.domain)%2b%22

Actual Behavior

Arbitrary Javascript Code alert(document.domain) is executed.
This can leverage to leak cookies, or even run malicious code on the victim's browser.
@zorun
Copy link
Collaborator

zorun commented Aug 4, 2022

Looks like the same issue as #63, fixed in #82 one year ago? Can you confirm?

@stypr
Copy link
Author

stypr commented Aug 4, 2022

Seems like the same issue was described back in #18

I've installed the latest version and it seems to be fixed.

I found this issue while testing some servers on the internet, but I couldn't confirm as there was no current version displayed on the service

Thanks !

@stypr stypr closed this as completed Aug 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zorun @stypr