Joystream / substrate-node-joystream

Joystream Full Node
https://www.joystream.org
GNU General Public License v3.0

Security vulnerability in "memo" field #46

Closed blrhc closed 5 years ago

blrhc commented 5 years ago

Hello,

I have mentioned this to @bwhm, but I thought I would formally report this security vulnerability here as a "Bug Reporter".

On the JoyStream Network Portal, users are able to set a memo. This is rendered using markdown and while to a certain degree this sanitises the content, it does not protect against a reverse "tabnabbing" attack. This vulnerability is explained here.

My JOY address is 5G4gGyJvNA5GM5W5yE2yzwL6NoeiNTKb7znNt9hA9s7Lk41x. By clicking on the link in my memo, you will see a proof of concept of this security issue.

Thank you very much.

If this qualifies as a bug, my monero address is: 48E7bfe5ugnRY2G5akDyd3XQUM9NdqRKRcHSfyNMVtJSFuJt6KvowVZNqGL5CWUeewchmxS7nvHHGfhSLgRvyHJmLEsyvTr
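The attack described in the report above, as an added illustration that is not code from Joystream or from the reporter: a markdown renderer that turns memo links into anchors opening a new tab (target="_blank") without rel="noopener" leaves window.opener set on the attacker's page, which can then silently navigate the original portal tab to a look-alike login page. The helper names hardenLinks and isTabnabbable are hypothetical, and the sample HTML is constructed for the example. Most current browsers now treat target="_blank" as implying noopener, but older browsers and non-browser clients do not, so the explicit rel attribute remains the fix.

```javascript
// Added example, not Joystream or reporter code.
//
// Attacker side of reverse tabnabbing (runs on the page opened from the memo
// link; shown as a comment because it needs a browser):
//
//   if (window.opener) {
//     window.opener.location = "https://phishing.example/joystream-login";
//   }
//
// Defender side: post-process the HTML a markdown renderer produced and add
// rel="noopener noreferrer" to every anchor that opens a new browsing context.

// Matches the opening <a ...> tag and captures its attribute string.
const ANCHOR_TAG = /<a\b([^>]*)>/gi;
// Matches name, name="value", name='value' or name=value inside a tag.
const ATTR = /([a-zA-Z_:][\w:.-]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Parse an attribute string into an object; boolean attributes map to true.
function parseAttrs(attrString) {
  const attrs = {};
  const re = new RegExp(ATTR.source, 'g');
  let m;
  while ((m = re.exec(attrString)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? true;
  }
  return attrs;
}

// _self, _parent and _top navigate within the current tab; anything else
// (most commonly _blank) opens a new context that can reach window.opener.
function opensNewContext(attrs) {
  const target = attrs.target;
  if (typeof target !== 'string') return false;
  return !['_self', '_parent', '_top'].includes(target.toLowerCase());
}

// Rebuild an anchor tag from its attribute object, escaping double quotes.
function buildAnchor(attrs) {
  const parts = Object.entries(attrs).map(([k, v]) =>
    v === true ? k : `${k}="${String(v).replace(/"/g, '&quot;')}"`);
  return `<a ${parts.join(' ')}>`;
}

// Return rendered HTML with noopener/noreferrer added to new-tab links.
function hardenLinks(html) {
  return html.replace(new RegExp(ANCHOR_TAG.source, 'gi'), (full, attrString) => {
    const attrs = parseAttrs(attrString);
    if (!opensNewContext(attrs)) return full; // same-tab link: nothing to do
    const rel = new Set(
      (typeof attrs.rel === 'string' ? attrs.rel : '').toLowerCase().split(/\s+/).filter(Boolean));
    rel.add('noopener');   // severs window.opener in the new tab
    rel.add('noreferrer'); // also drops the Referer header to the target
    attrs.rel = [...rel].join(' ');
    return buildAnchor(attrs);
  });
}

// Detection check: true if any anchor opens a new context without noopener.
function isTabnabbable(html) {
  const re = new RegExp(ANCHOR_TAG.source, 'gi');
  let m;
  while ((m = re.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    if (!opensNewContext(attrs)) continue;
    const rel = (typeof attrs.rel === 'string' ? attrs.rel : '').toLowerCase().split(/\s+/);
    if (!rel.includes('noopener')) return true;
  }
  return false;
}

// Constructed sample of what a markdown renderer might emit for a memo.
const SAMPLE_MEMO_HTML =
  '<p>See <a href="https://attacker.example/poc" target="_blank">proof of concept</a> ' +
  'and <a href="/portal">the portal</a></p>';

module.exports = { parseAttrs, hardenLinks, isTabnabbable, SAMPLE_MEMO_HTML };
```

Running hardenLinks over the renderer's output (or configuring the renderer to emit the rel attribute itself) closes the opener channel; isTabnabbable can be used as a regression check on rendered memos.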

siman commented 5 years ago

Hey @blrhc, thank you for reporting this. Could you move this issue to https://github.com/Joystream/apps ? That is the repo where we develop UI for Joystream.

blrhc commented 5 years ago

Done. :) https://github.com/Joystream/apps/issues/59