search

XiaoMi / minos

Minos is beyond a hadoop deployment system.
Apache License 2.0
522 stars 200 forks source link

there is a XSS vulnerability in /owl/monitor/views.py #43

Open zzzzfeng opened 3 years ago

zzzzfeng commented 3 years ago

code return HttpResponse('Unsupported type: ' + type), this 'type' is from user input, which may contains html tags and js code