Open mudrd8mz opened 4 years ago
Hi, @mudrd8mz. Curious about your Moodle version. My website installed the plugin and set the parameters successfully, but it cannot represent the Dialogflow chatbot interface. I don't know what happened; I'll be glad to hear your professional idea.
The scripts setHistory.php and getHtml.php in the "api" directory can be easily abused. It seems trivial to feed the `chatbot_dialogflow` table with malicious content and then display it as raw HTML. This represents a surface for a wide range of known attacks including XSS.
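
The pattern described in this issue, as an added example that is not the plugin's own code: text read back from a history table is rendered once as raw HTML and once escaped for the HTML context. The row layout, the function names and the sample rows are constructed assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for the chatbot_dialogflow table.
// The column names (sender, message) are assumptions, not the plugin's schema.
$history = [
    ['sender' => 'user', 'message' => 'What time is the exam?'],
    ['sender' => 'bot',  'message' => 'The exam starts at 10:00.'],
    ['sender' => 'user', 'message' => '<script>alert(1)</script>'],
];

// The pattern the issue describes: stored text concatenated into markup as-is,
// so any markup in a stored message becomes part of the page.
function render_history_raw(array $rows): string {
    $html = '';
    foreach ($rows as $row) {
        $html .= '<div class="' . $row['sender'] . '">' . $row['message'] . "</div>\n";
    }
    return $html;
}

// Hardened form: allow-list the value used as a class name and escape the
// message for the HTML context before it is written into the page.
function render_history_escaped(array $rows): string {
    $allowed = ['user', 'bot'];
    $html = '';
    foreach ($rows as $row) {
        $sender = in_array($row['sender'], $allowed, true) ? $row['sender'] : 'unknown';
        $message = htmlspecialchars((string) $row['message'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= '<div class="' . $sender . '">' . $message . "</div>\n";
    }
    return $html;
}

echo "raw:\n", render_history_raw($history);
echo "escaped:\n", render_history_escaped($history);
```

Inside Moodle the same escaping is available as `s()`, and a script that writes to the table would normally call `require_login()` and `require_sesskey()` before accepting input.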