Exploitable XSS #1009

Closed
ohrodr opened this Issue Feb 7, 2013 · 2 comments

ohrodr commented Feb 7, 2013

Exploitable XSS due to poor user input validation. I found this previous issue: #511 which demonstrates a plan.

I was going to fork + branch a fix, but the planned solution would be better than my hack(s).

The proof of concept image demonstrates a persistent XSS in a vanilla test application install.

[Image: Screen Shot 2013-02-07 at 2 19 36 AM]

Owner

rjmackay commented Feb 7, 2013

@ohrodr Could you send an email to security@ushahidi.com with further details on this exploit? We'll probably patch this up separately pending a better fix long term. Unfortunately the ideas in #511 are not easily implemented application wide with the current infrastructure.

Owner

rjmackay commented Apr 9, 2013

Addressed by #1056

rjmackay closed this Apr 16, 2013
