Exploitable XSS #1009

Closed
ohrodr opened this issue Feb 7, 2013 · 2 comments

ohrodr commented Feb 7, 2013

Exploitable XSS due to poor user input validation. I found this previous issue: #511 which demonstrates a plan.

I was going to fork + branch a fix, but the planned solution would be better than my hack(s).

The proof of concept image demonstrates a persistent XSS in a vanilla test application install.

[Image: Screen Shot 2013-02-07 at 2 19 36 AM]

rjmackay commented Feb 7, 2013

@ohrodr Could you send an email to security@ushahidi.com with further details on this exploit? We'll probably patch this up separately pending a better fix long term. Unfortunately the ideas in #511 are not easily implemented application wide with the current infrastructure.

rjmackay commented Apr 9, 2013

Addressed by #1056
