agentejo / cockpit

Add content management functionality to any site - plug & play / headless / api-first CMS
http://getcockpit.com
MIT License

Stored XSS in some areas #1472

Closed. wiedaw closed this 2 years ago

wiedaw commented 3 years ago

Hello.

After a security audit of the CMS there are some places where you can inject some JavaScript code. For example in fields like the date picker, assets. Could you take a look at this and help me to fix this?

Below is a screenshot from the API request and response which opens an alert by the injected JavaScript code.

[screenshot: cockpit-cms]

ronaldaug commented 2 years ago

I guess this XSS injection isn't executed in the Cockpit dashboard, is it? And it seems this is correct, the API should return what we posted.