Project-Sloth / ps-mdt

MDT for QBCore
https://discord.gg/projectsloth
GNU General Public License v3.0
250 stars 282 forks source link

XSS In char names appending #495

Closed Infinity585 closed 1 month ago

Infinity585 commented 2 months ago

I have made a pull request fixing an XSS within the dispatch chat while testing I have discovered another XSS attack that can be done using character names by setting my last name as when I open the mdt an alert box comes up. As well as each time I send a message I get an alert box.

MonkeyWhisper commented 2 months ago

Yeah, there is a lot of XSS, thanks for catching those. Our ps-mdt v2 will be completed soon as well and those will be patched