Open ecneladis opened 7 years ago
XSS is possible via unescaped filename in git repository, e.g. `<img src=x onerror=alert(1)>`.
Repository with POC: https://github.com/ecneladis/xss_github_vector
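The class of bug reported above, shown as an added example that is not part of the original report or the project's code: a file-listing renderer that concatenates repository filenames into markup, next to a version that encodes them for the URL and HTML contexts. The function names, the `/blob/` route and the sample listing are assumptions made for illustration.

```javascript
// Added example: hypothetical file-list renderer, not the project's own code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can change HTML text or attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: the filename from the repository goes into the markup as-is,
// so a name containing tags is parsed by the browser as HTML.
function renderEntryUnsafe(path) {
  return '<li><a href="/blob/' + path + '">' + path + '</a></li>';
}

// Hardened form: percent-encode each path segment for the URL, then HTML-escape
// both the attribute value and the visible text.
function renderEntrySafe(path) {
  const href = '/blob/' + path.split('/').map(encodeURIComponent).join('/');
  return '<li><a href="' + escapeHtml(href) + '">' + escapeHtml(path) + '</a></li>';
}

function renderListing(paths, renderEntry) {
  return '<ul>' + paths.map(renderEntry).join('') + '</ul>';
}

// Constructed sample tree listing; the second name is the filename from the report.
const SAMPLE_PATHS = ['README.md', '<img src=x onerror=alert(1)>', 'docs/a&b "notes".txt'];

// The unsafe listing contains a live <img> element; the safe one shows the name as text.
console.log(renderListing(SAMPLE_PATHS, renderEntryUnsafe));
console.log(renderListing(SAMPLE_PATHS, renderEntrySafe));
```

Escaping belongs at the point where the filename is written into HTML, since git itself places almost no restrictions on the characters a filename may contain.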