OfficeDev / microsoft-teams-apps-greatideas

An “innovation challenge” system that lets employees submit and share ideas and insights, with voting and contests. Employees can use the app to submit an innovative idea in a selected category, visible to all colleagues and leadership; ideas can be voted on, and a leaderboard of the best idea contributors can be shared. The app can also serve as a route for anyone in an organization to file patent ideas.
MIT License

XSS-Security Issue - redirect.tsx is vulnerable to XSS #42

Open appsec360 opened 2 years ago

appsec360 commented 2 years ago

Vulnerability Name: XSS - Cross Site Scripting
Impact: Sending invalidated data to a client (web-browser/Teams) can result in the client executing malicious code.
Vulnerable File Location: Source/Microsoft.Teams.Apps.SubmitIdea/ClientApp/src/components/redirect.tsx
File Name: redirect.tsx
Line No# 17

bal0o commented 2 years ago

Following, as we have had this rejected by our cyber teams until this issue is resolved.

bal0o commented 1 year ago

Chasing this... Is there an update that has fixed this issue yet? Or do we have any idea on timescales?