Chanzhaoyu / chatgpt-web

A ChatGPT demo web page built with Express and Vue3
MIT License
31.54k stars 11.21k forks

Vulnerability: Stored XSS on Description parameter #2001

Closed 0init closed 10 months ago

0init commented 11 months ago

Security Alert: XSS Vulnerability Discovered in Description Parameter

🚨 I've identified a critical security issue in our application. This concerns a Cross-Site Scripting (XSS) vulnerability found in the Description parameter. It's crucial we address this to prevent unauthorized access and potential harm.

What's Happening?

Vulnerability Insight:

The Description parameter is accepting XSS payloads. This vulnerability can lead to stored XSS attacks, enabling unauthorized users to steal sessions and execute harmful JavaScript code.

Proof of Concept (POC):

Exploiting the Vulnerability:

  1. Step 1: Inject an XSS payload into a photo element, like so:

    <image src onerror=prompt(document.domain)>

  2. Step 2: Upon saving and refreshing the page, the malicious code executes, demonstrating the vulnerability.

Recommendation

• Revisit the entire application and validate the user input on the server side.
• Apply an allowlisting technique to filter out unexpected input.
• Sanitize the data collected from input fields before further processing.
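
The recommendations above, sketched as an added example that is not part of the original issue or of chatgpt-web's code: server-side allowlist validation plus output encoding for a description field, contrasted with a tag blocklist that the reported payload slips past. The function names, the 500-character limit and the assumption that the description is plain text are all hypothetical.

```javascript
// Added example: hypothetical helpers, not chatgpt-web's own code.
const MAX_DESCRIPTION_LENGTH = 500; // assumed limit, not taken from the project

// Characters that change meaning in HTML text and attribute contexts.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output encoding: apply wherever the stored value is written into HTML.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak approach, shown for contrast: a blocklist of "known bad" tag names.
function blocklistFilter(text) {
  return String(text).replace(/<\/?(script|img|iframe)\b[^>]*>/gi, '');
}

// Server-side allowlist validation for a plain-text description field.
function validateDescription(input) {
  if (typeof input !== 'string') {
    return { ok: false, error: 'description must be a string' };
  }
  const value = input.trim();
  if (value.length > MAX_DESCRIPTION_LENGTH) {
    return { ok: false, error: 'description too long' };
  }
  // Allowlist: letters, digits, spaces, newlines and basic punctuation only.
  if (!/^[\p{L}\p{N}\p{Zs}\n.,;:!?'"()\-_\/@]*$/u.test(value)) {
    return { ok: false, error: 'description contains disallowed characters' };
  }
  return { ok: true, value };
}

// Constructed sample input: the payload quoted in the issue above.
const reported = '<image src onerror=prompt(document.domain)>';

// The blocklist misses it: HTML parsers treat <image> as <img>, and the
// filter only knows the name "img".
console.log(blocklistFilter(reported) === reported);
// Allowlist validation rejects it before it is stored.
console.log(validateDescription(reported));
// Output encoding renders it as inert text even if it was stored earlier.
console.log(escapeHtml(reported));
```

Validation on input and encoding on output are complementary: encoding still protects values that were stored before the validation rule existed.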

github-actions[bot] commented 10 months ago

This issue is stale because it has been open for 10 days with no activity.

github-actions[bot] commented 10 months ago

This issue was closed because it has been inactive for 2 days since being marked as stale.