OWASP ZAP found a possible XSS injection in meet_gavern 1.3.1
The HTTP request was altered so that JavaScript was set in the cookie parameter gkusernameless, and the response contained it in the img tag that retrieves the Gravatar image. It turns out that in the login form the cookie is exploded and the content is echoed into the src and alt attributes. It probably requires some kind of sanitization because it is a potential security issue.
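The pattern described in the report, next to a hardened form, as an added example that is not code from the theme or from the reporter. The cookie layout (`name|md5-hash`), the `|` delimiter and both function names are assumptions made for illustration.

```php
<?php
// Added example. The cookie layout ("display name|md5 of e-mail") and the
// function names are hypothetical; they are not taken from meet_gavern.

// Before: the exploded cookie fields are echoed straight into src and alt.
function render_avatar_unsafe(string $cookie): string
{
    $parts = explode('|', $cookie);
    $name  = $parts[0] ?? '';
    $hash  = $parts[1] ?? '';
    return '<img src="https://www.gravatar.com/avatar/' . $hash
         . '?s=64" alt="' . $name . '" />';
}

// After: the hash is validated against its expected format and the name is
// escaped for an HTML attribute context before either reaches the markup.
function render_avatar_safe(string $cookie): string
{
    $parts = explode('|', $cookie, 2);
    $name  = $parts[0];
    $hash  = strtolower($parts[1] ?? '');

    // A Gravatar hash is 32 hex characters; anything else is discarded.
    if (!preg_match('/\A[a-f0-9]{32}\z/', $hash)) {
        $hash = str_repeat('0', 32); // unknown hash: Gravatar serves its default image
    }

    // ENT_QUOTES escapes both quote styles, so the value cannot close the attribute.
    // Inside a WordPress theme, esc_attr() and esc_url() serve the same purpose.
    $alt = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<img src="https://www.gravatar.com/avatar/' . $hash
         . '?s=64" alt="' . $alt . '" />';
}

// Constructed cookie value that tries to break out of both attributes.
$constructed = 'alice" onerror="alert(1)|not-a-hash" onerror="alert(2)';

echo render_avatar_unsafe($constructed), PHP_EOL; // attributes are broken open
echo render_avatar_safe($constructed), PHP_EOL;   // one inert img tag
```

Cookies are client-controlled input, so the same validation and escaping applies to every place the theme reads `gkusernameless`, not only the login form.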