anuragverma108 / SwapReads

SwapReads.com is the go-to online platform for book lovers to connect, swap their favorite reads, and dive into exciting literary journeys. Create your profile, list the books you want to exchange, and join a thriving community of passionate readers.
https://vermillion-sunshine-40461e.netlify.app/
MIT License

BUG: Allowing special characters in the password field can lead to client-side injection attacks, such as XSS, which poses a security vulnerability #2860

Open pand-coder opened 3 hours ago

pand-coder commented 3 hours ago


What happened?

Security Vulnerability: Client-Side Injection in Password Field

Issue Description:

The password field currently allows the input of special characters (e.g., <, >, <script>), which can lead to client-side injection attacks like Cross-Site Scripting (XSS). This poses a security risk as it allows malicious scripts to be executed on the client side.

Expected Behavior:

Special characters such as <, >, and script tags should be disallowed in the password field to prevent injection attacks.

Actual Behavior:

Special characters are allowed, and malicious scripts can be executed.

Fix:

Please assign me this issue, as I would like to contribute to it with respect to secure aspects of coding principles.

Screenshot: (image and recording attached to the original issue are not reproduced here)
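Added example, not code from the issue author or the SwapReads project: it assumes the password value is reflected into an error message in the page (the issue does not show where the value is rendered). It contrasts the pattern in which `<`, `>` and `<script>` become executable markup with the output-encoding and `textContent` patterns that neutralise them without rejecting any characters.

```javascript
// Constructed sample input of the kind quoted in the issue.
const SAMPLE_PASSWORD = '<script>alert(1)</script>&"\'';

// HTML-encode the five characters that matter in an HTML text or
// double/single-quoted attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern (hypothetical): the raw value is concatenated into
// markup that is later assigned to innerHTML, so the tags are parsed.
function renderUnsafe(value) {
  return `<p class="error">Invalid password: ${value}</p>`;
}

// Hardened pattern: same template, value encoded before it enters the markup.
function renderSafe(value) {
  return `<p class="error">Invalid password: ${escapeHtml(value)}</p>`;
}

// Detection helper: does the produced markup still contain a raw <script>
// tag that originated from the untrusted value?
function containsRawScriptTag(markup) {
  return /<script\b/i.test(markup);
}

// Preferred alternative when a DOM is available: write text, not HTML.
// textContent is never parsed as markup, so no encoding step is needed.
function showErrorViaTextContent(container, value) {
  const p = document.createElement('p');
  p.className = 'error';
  p.textContent = `Invalid password: ${value}`;
  container.replaceChildren(p);
}

// Stand-alone demonstration (no DOM required).
if (typeof document === 'undefined') {
  console.log('unsafe markup:', renderUnsafe(SAMPLE_PASSWORD));
  console.log('safe markup:  ', renderSafe(SAMPLE_PASSWORD));
  console.log('raw <script> survives unsafe render:',
    containsRawScriptTag(renderUnsafe(SAMPLE_PASSWORD)));   // true
  console.log('raw <script> survives safe render:  ',
    containsRawScriptTag(renderSafe(SAMPLE_PASSWORD)));     // false
}
```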

github-actions[bot] commented 3 hours ago

Thank you for creating this issue! 🎉 Your issue will soon be reviewed by either the PA or a mentor. Please await their response. In the meantime, please make sure to provide all the necessary details and context. If you have any questions or additional information, feel free to add them here. Your contributions are highly appreciated! 😊

You can also check our CONTRIBUTING.md for guidelines on contributing to this project.

github-actions[bot] commented 3 hours ago

Important Note: This repository serves as a gateway for newcomers to explore open-source projects. To ensure fairness in learning, we're introducing a cap on the points awarded to individual contributors. Going forward, each contributor will be restricted to earning a maximum of 150 points, and there is no level for some too basic changes! This limitation specifically applies to the GSSOC project. Thank you for your understanding and cooperation in maintaining an inclusive learning environment.

Charul00 commented 2 hours ago

I liked it, can you please assign it to me?