@ohrodr Could you send an email to security@ushahidi.com with further details on this exploit? We'll probably patch this up separately pending a better fix long term. Unfortunately the ideas in #511 are not easily implemented application wide with the current infrastructure.
Exploitable XSS due to poor user input validation. I found this previous issue, #511, which demonstrates a plan.
I was going to fork + branch a fix, but the planned solution would be better than my hack(s).
The proof of concept image demonstrates a persistent XSS in a vanilla test application install.
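The pattern behind a report like this, shown as an added example (a Python stand-in, not Ushahidi's own code and not the proof of concept from the issue): user-supplied text is stored verbatim and later concatenated into HTML. The three sample submissions and the `render_*` functions are constructed for illustration. The blocklist filter is there to show why an input-side fix is fragile: it strips a `<script>` tag but does nothing for a payload that breaks out of an attribute, whereas escaping at render time covers both.

```python
"""Stored (persistent) XSS: text is saved as submitted and rendered into HTML
without encoding. Output encoding at render time is the fix that applies
application-wide; input filtering alone leaves other contexts open."""
import html
import re

# Constructed sample submissions (hypothetical, not data from the report).
STORED_REPORTS = [
    {"title": "Road closed", "body": "Bridge out on Main St"},
    {"title": "<script>alert(1)</script>", "body": "element-context payload"},
    {"title": 'x" onmouseover="alert(1)', "body": "attribute-context payload"},
]


def render_vulnerable(report):
    """Concatenates stored fields straight into markup (the bug class)."""
    return '<li title="%s"><b>%s</b>: %s</li>' % (
        report["title"], report["title"], report["body"])


def render_escaped(report):
    """Same template, but every field is HTML-escaped at output time.
    quote=True also encodes " so the attribute context is safe."""
    t = html.escape(report["title"], quote=True)
    b = html.escape(report["body"], quote=True)
    return '<li title="%s"><b>%s</b>: %s</li>' % (t, t, b)


def blocklist_filter(value):
    """Naive input-side filter: removes <script> tags and nothing else.
    Shown only to demonstrate that it does not stop attribute breakout."""
    return re.sub(r"(?i)</?script[^>]*>", "", value)


# Crude checks for live markup in rendered output: an unescaped <script
# tag, or a closing quote followed by an on* event-handler attribute.
_SCRIPT_TAG = re.compile(r"(?i)<script")
_ATTR_BREAKOUT = re.compile(r'"\s+on\w+=')


def contains_live_markup(rendered):
    """True if the rendered HTML still carries an executable payload."""
    return bool(_SCRIPT_TAG.search(rendered) or _ATTR_BREAKOUT.search(rendered))


def compare_strategies():
    """For each sample: does the payload survive under each strategy?"""
    results = []
    for r in STORED_REPORTS:
        filtered = dict(r, title=blocklist_filter(r["title"]))
        results.append({
            "title": r["title"],
            "raw": contains_live_markup(render_vulnerable(r)),
            "blocklist": contains_live_markup(render_vulnerable(filtered)),
            "escaped": contains_live_markup(render_escaped(r)),
        })
    return results


if __name__ == "__main__":
    for row in compare_strategies():
        print("%-28r raw=%-5s blocklist=%-5s escaped=%s" % (
            row["title"], row["raw"], row["blocklist"], row["escaped"]))
```

The last column is the point: with output escaping, neither the element-context nor the attribute-context payload survives, while the blocklist filter only catches the first. Escaping belongs in the template layer so that every field is covered regardless of where it was entered.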