UnickSoft / graphonline

This is the source code of the Graphonline service. Graphonline helps visualize graphs and applies many algorithms to them.
http://graphonline.ru/en/
MIT License
365 stars, 67 forks

Reflected XSS #49

Closed. facudualde closed this 7 months ago

facudualde commented 8 months ago

Hi, I found a reflected XSS on https://graphonline.ru/en/create_graph_by_matrix and https://graphonline.ru/en/create_graph_by_incidence_matrix, just by entering <script>alert(document.domain)</script> in any of the fields of the matrix. It can be fixed by checking that the user has entered a valid integer and not allowing special characters. By the way, congratulations on this awesome tool!
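The fix the report suggests, as an added example (not graphonline's own code): every matrix cell must be a plain integer, and a rejected cell is HTML-escaped before it can be shown back to the user. The input layout (one row per line, cells separated by whitespace or commas) is an assumption, not something the page specifies.

```javascript
// Added example, not code from the graphonline project. Strict parsing of a
// matrix typed into a web form: accept only integer cells, and never reflect a
// rejected cell into HTML without escaping it first.
const INTEGER_CELL = /^-?\d+$/;

// Escape the five characters that matter in HTML text and attribute context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Parse matrix text into numbers. Returns { ok: true, matrix } or
// { ok: false, errors } where each error is already safe to insert into HTML.
// Assumed layout: one row per line, cells separated by whitespace or commas.
function parseMatrix(text) {
  const rows = String(text).split(/\r?\n/).filter((r) => r.trim() !== '');
  const matrix = [];
  const errors = [];
  rows.forEach((row, i) => {
    const cells = row.trim().split(/[\s,]+/);
    const parsed = [];
    cells.forEach((cell, j) => {
      if (!INTEGER_CELL.test(cell)) {
        // Validation failed: reflect the offending value only in escaped form.
        errors.push(`row ${i + 1}, column ${j + 1}: "${escapeHtml(cell)}" is not an integer`);
        return;
      }
      parsed.push(Number(cell));
    });
    matrix.push(parsed);
  });
  // Ragged rows are also invalid input for either matrix type.
  if (errors.length === 0 && matrix.some((r) => r.length !== matrix[0].length)) {
    errors.push(`rows have different column counts (${matrix.map((r) => r.length).join(', ')})`);
  }
  return errors.length ? { ok: false, errors } : { ok: true, matrix };
}
```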

UnickSoft commented 8 months ago

Thanks.

UnickSoft commented 7 months ago

Fixed