Kotlin / kotlin-fullstack-sample

Kotlin Full-stack Application Example
https://kotlinlang.org
Apache License 2.0
1.21k stars 169 forks

XSS vulnerability #19

Open ErezYalon opened 7 years ago

ErezYalon commented 7 years ago

Project missing input sanitizers.

Example: simply adding `<img src=x onerror=alert(1) />` as a new "thought" will trigger an XSS:

[screenshot omitted]
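The payload from the report, worked through as an added example. This is plain JavaScript written for this page, not code from kotlin-fullstack-sample, and it assumes the stored thought text is concatenated into markup that is later assigned to `innerHTML`; that rendering path is an assumption, not something the thread states. It contrasts the vulnerable concatenation with output encoding at render time, and includes a small helper that lists the tags (and `on*` handlers) a browser would create from each rendered string so the difference can be asserted in a unit test.

```javascript
// Added example (not code from kotlin-fullstack-sample). Assumes the
// thought text ends up in markup assigned to innerHTML; the project's
// real rendering code may differ.

// Constructed sample input: the exact payload from the issue report.
const PAYLOAD = '<img src=x onerror=alert(1) />';

// Vulnerable pattern: user text is concatenated into markup verbatim.
// Any tags the user typed become real DOM elements once this string is
// assigned to innerHTML, and the img's onerror fires immediately because
// "x" is not a loadable image.
function renderThoughtUnsafe(text) {
  return `<li class="thought">${text}</li>`;
}

// Output encoding: replace the five characters that can change HTML
// context so the browser displays the text literally.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  })[ch]);
}

// Safe pattern: encode before concatenation. When a DOM is available,
// `element.textContent = text` achieves the same without building markup.
function renderThoughtSafe(text) {
  return `<li class="thought">${escapeHtml(text)}</li>`;
}

// Test helper: list the opening tag names a browser would create from a
// markup string and count attributes that look like on* event handlers.
// Deliberately simple; it is for asserting on rendered output, not a
// sanitizer to rely on in production.
function inspectMarkup(html) {
  const tags = [];
  let handlers = 0;
  const tagRe = /<([a-zA-Z][\w-]*)\b([^>]*)>/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    tags.push(m[1].toLowerCase());
    if (/\son[a-z]+\s*=/i.test(m[2])) handlers += 1;
  }
  return { tags, handlers };
}

// Stand-alone run: show both renderings and what they would create.
console.log('unsafe :', renderThoughtUnsafe(PAYLOAD), inspectMarkup(renderThoughtUnsafe(PAYLOAD)));
console.log('safe   :', renderThoughtSafe(PAYLOAD), inspectMarkup(renderThoughtSafe(PAYLOAD)));

module.exports = { PAYLOAD, renderThoughtUnsafe, renderThoughtSafe, escapeHtml, inspectMarkup };
```

The point of the comparison is that the fix belongs at the output side: the stored thought can keep its angle brackets, and as long as the renderer encodes (or uses `textContent` / a framework's default text interpolation rather than raw HTML insertion) the browser never sees an `<img>` element or an `onerror` attribute.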

ErezYalon commented 7 years ago

Just a reminder. This is a security issue that is probably being mimicked by other users. If possible, it should get some attention.

magneticflux- commented 6 years ago

Is this still an issue? I can't reproduce it on PR #36