Describe the bug
The finding titles used in the availableTitles JavaScript array on the report detail page (/reporting/reports/<id>) are not properly escaped.
The application does not seem to escape special characters such as single and double quotes, potentially breaking functionality such as "Mark report as complete" should a finding title contain a single quote. Additionally, this might make it possible to execute a stored cross-site scripting attack by creating a finding with a malicious title.
To Reproduce
Creating a finding with the title '];alert(0);let testx = ['a will trigger an alert box when opening a report.
Expected Behavior
The application should handle titles with special characters, such as a single quote.
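To illustrate the fix the report asks for, here is an added example (not the project's own code) contrasting the unescaped string concatenation the report describes with serialising the titles as a single JSON array literal. It assumes nothing about the real template beyond what the report states; the extra escaping of angle brackets and ampersands is what Django's json_script filter does, on the assumption that the page is rendered from a Django template, and the sample titles are constructed for the demonstration.

```python
import json

# Constructed sample titles, including the payload quoted in the report above
PAYLOAD_TITLE = "'];alert(0);let testx = ['a"
SAMPLE_TITLES = [
    "Weak TLS configuration",
    "Client's API key in repo",              # single quote breaks a '...'-quoted literal
    'Header "X-Frame-Options" missing',      # double quote
    "</script><script>alert(1)</script>",    # would end an inline <script> block
    PAYLOAD_TITLE,
]


def render_unsafe(titles):
    """Reproduce the defect: titles dropped verbatim into single-quoted JS literals."""
    items = ", ".join(f"'{t}'" for t in titles)
    return f"let availableTitles = [{items}];"


def js_safe_json(value):
    """Serialise a Python value as a JS literal that cannot break out of its context.

    json.dumps already yields a valid JS expression (double-quoted strings with
    quotes and backslashes escaped). The extra replacements neutralise the
    characters the HTML parser, not the JS parser, acts on inside an inline
    <script> block: '<' and '>' (so "</script>" cannot terminate it) and '&'.
    This mirrors Django's json_script filter (assumed applicable here).
    """
    encoded = json.dumps(value)
    return (encoded.replace("<", "\\u003c")
                   .replace(">", "\\u003e")
                   .replace("&", "\\u0026"))


def render_safe(titles):
    """Hardened rendering: one JSON array literal instead of string concatenation."""
    return f"let availableTitles = {js_safe_json(list(titles))};"


def parse_rendered(rendered):
    """Check helper: extract the array literal and decode it as a JS engine would.

    JSON accepts \\uXXXX escapes, so the escaped '<', '>' and '&' decode back to
    the original characters; every title survives the round-trip unchanged.
    """
    prefix = "let availableTitles = "
    assert rendered.startswith(prefix) and rendered.endswith(";")
    return json.loads(rendered[len(prefix):-1])


if __name__ == "__main__":
    print("unsafe:", render_unsafe([PAYLOAD_TITLE]))
    print("safe:  ", render_safe(SAMPLE_TITLES))
    print("round-trip ok:", parse_rendered(render_safe(SAMPLE_TITLES)) == SAMPLE_TITLES)
```

Running the block shows the unsafe rendering producing `[''];alert(0);let testx = ['a'];`, i.e. the title's content executes as code, while the safe rendering keeps the same title inside one double-quoted JSON string that parses back to the original value.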
Screenshots
Server Specs: N/A
Additional context N/A