changeweb / Unifiedtransform

A school management Software
https://changeweb.github.io/Unifiedtransform/
GNU General Public License v3.0
2.78k stars 1.22k forks

🚨Potential Stored Cross-Site Scripting #403

Open Thirukrishnan opened 4 months ago

Thirukrishnan commented 4 months ago

Hello, @changeweb - a potential high-severity Cross-site Scripting (XSS) - Stored vulnerability in your repository has been identified. So may I know how to contact you for further procedure?

changeweb commented 4 months ago

Please make a Pull Request with a fix if possible.

Thirukrishnan commented 4 months ago

It's with how the application handles PDF files, and I couldn't find the code responsible for it. Can you share your email so that I could send you the PoC?