cloudscribe / cloudscribe

ASP.NET Core multi-tenant web application foundation with management for sites, users, roles, claims and more
Other
1.31k stars 278 forks

Security (Google analytics package): Referer header manipulation Google Analytics XSS Bug #986

Open LaineS opened 4 months ago

LaineS commented 4 months ago

By spoofing the referer, the user can open an XSS vulnerability. Discussed with @SimonAnnetts and a simple fix in one of the cs GA packages should resolve this.


JimKerslake commented 3 months ago

cloudscribe.Web.Common 6.0.5 cloudscribe.Core.Web 6.0.41