dziudek
commented
9 years ago Hello,
I will analyze this issue and I will fix it in the upcoming 1.4 release. Thank you for your report.
Closed milicasss closed 9 years ago
dziudek
commented
9 years ago Hello,
I will analyze this issue and I will fix it in the upcoming 1.4 release. Thank you for your report.
Owasp Zap found a possible xss injection in meet_gavern 1.3.1 HTTP request was altered in a way that javascript was set in cookie parameter gkusernameless and the response contained it in img tag that retrieves the gravatar image. It turns out that in the login form the cookie is exploded and the content is echoed into src and alt attributes. It probably requires some kind of sanitization because it is a potential security issue.