Closed facudualde closed 8 months ago
Hi, I found a reflected XSS on https://graphonline.ru/en/create_graph_by_matrix and https://graphonline.ru/en/create_graph_by_incidence_matrix, just by entering <script>alert(document.domain)</script> in any of the fields of the matrix. It can be fixed by checking that the user has entered a valid integer and not allowing special chars. By the way, congratulations on this awesome tool!
Thanks.
Fixed
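The fix suggested in the report (accept only valid integers in matrix cells), shown as an added example that is not part of the original thread and is not graphonline's code. The rows-of-string-cells input shape, the 9-digit limit and the function names are assumptions; rejected input is HTML-escaped before it is echoed in an error message.

```javascript
// Added example (not graphonline's code). Input shape and names are assumptions.
const INT_CELL = /^-?\d{1,9}$/; // optional sign, 1-9 digits, nothing else

// Encode the HTML-significant characters before echoing text into markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Validate a matrix submitted as rows of string cells.
// Returns { ok: true, matrix } or { ok: false, errors }, where every error
// string is already HTML-escaped and safe to reflect back into the page.
function parseMatrix(rows) {
  if (!Array.isArray(rows) || rows.length === 0) {
    return { ok: false, errors: ['Matrix is empty'] };
  }
  const width = Array.isArray(rows[0]) ? rows[0].length : -1;
  const errors = [];
  const matrix = [];
  rows.forEach((row, r) => {
    if (!Array.isArray(row) || row.length !== width) {
      errors.push(`Row ${r} has the wrong number of cells`);
      return;
    }
    matrix.push(row.map((cell, c) => {
      const text = String(cell).trim();
      if (!INT_CELL.test(text)) {
        // Reject the cell; never echo the raw value.
        errors.push(`Cell [${r}][${c}] is not an integer: "${escapeHtml(text)}"`);
        return null;
      }
      return Number(text);
    }));
  });
  return errors.length ? { ok: false, errors } : { ok: true, matrix };
}

// Constructed sample input: a valid matrix, and one carrying the string from the report.
const good = parseMatrix([['0', '1'], ['1', '0']]);
const bad = parseMatrix([['0', '<script>alert(document.domain)</script>'], ['1', '0']]);
console.log(good, bad);
```

Validation alone covers the matrix fields; the escaping step is what keeps any other reflected value from being interpreted as markup.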