SaschaWillems / vulkan.gpuinfo.org

Front-End and Back-End for the Vulkan Hardware Database
https://vulkan.gpuinfo.org
GNU Affero General Public License v3.0

XSS vulnerability on listdevices.php #35

Closed maple3142 closed 3 years ago

maple3142 commented 3 years ago

Example: https://vulkan.gpuinfo.org/listdevices.php?extension=%27%2Balert(1)%2B%27

SaschaWillems commented 3 years ago

Thanks for letting me know. I guess this applies to other views too. Will take a look at it.

SaschaWillems commented 3 years ago

(Hopefully) fixed in all critical spots with today's update.