Closed ghost closed 3 years ago
Hello all, my security engineer warns me about the possibility of injecting JavaScript with a request to the efconnect controller.
To Reproduce:
https://mydomain.com/efconnect?cmd=mkdir&name=e%3Cimg%2Fsrc%3D%271%27%2Fonmouseover%3Dalert(%271%27)%3E&reqid=174c012c8531c1&target=l1_RG9zc2llciBzYW5zIHRpdHJlICg3KQ
or
https://mydomain.com/efconnect?cmd=open&compare=&reload=1&reqid=174c0075d3c334&target=l1_RG9zc2llciBzYW5zIHRpdHJlICg2KQ<img%2Fsrc%3D'1'%2Fonmouseover%3Dalert('2')>&tree=1
How can I solve it?
I solved the first case by configuring the Sanitizer plugin.
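A parameter check for the two requests quoted in the issue, as an added example that is not part of the original thread or of the connector's own code: it refuses a `name` containing markup characters and a `target` that is not a volume id followed by URL-safe base64. The hash layout is inferred from the URLs in the issue; the function names and the refused-character set are assumptions.

```python
import base64
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a target is "<volume id>_<URL-safe base64 of the path>", the shape
# of the hashes in the issue's URLs (l1_RG9z...). Padding is optional.
TARGET_RE = re.compile(r"[A-Za-z0-9]+_([A-Za-z0-9_-]+)={0,2}")
# Assumption: characters refused in a new item name (constructed set).
MARKUP_CHARS = set("<>\"'")

# The two requests quoted in the issue, plus one constructed benign request.
ISSUE_URLS = [
    "https://mydomain.com/efconnect?cmd=mkdir&name=e%3Cimg%2Fsrc%3D%271%27%2Fonmouseover%3Dalert(%271%27)%3E&reqid=174c012c8531c1&target=l1_RG9zc2llciBzYW5zIHRpdHJlICg3KQ",
    "https://mydomain.com/efconnect?cmd=open&compare=&reload=1&reqid=174c0075d3c334&target=l1_RG9zc2llciBzYW5zIHRpdHJlICg2KQ<img%2Fsrc%3D'1'%2Fonmouseover%3Dalert('2')>&tree=1",
]
BENIGN_URL = "https://mydomain.com/efconnect?cmd=mkdir&name=reports&target=l1_RG9zc2llciBzYW5zIHRpdHJlICg3KQ"


def decode_target(target):
    """Return the path encoded in a well-formed target hash, or None."""
    match = TARGET_RE.fullmatch(target)
    if match is None:
        return None
    encoded = match.group(1)
    try:
        raw = base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))
        return raw.decode("utf-8")
    except ValueError:  # binascii.Error and UnicodeDecodeError are ValueErrors
        return None


def review_request(url):
    """Return {parameter: reason} for connector parameters to reject."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    problems = {}
    for name in params.get("name", []):
        if MARKUP_CHARS & set(name):
            problems["name"] = "markup characters in item name"
    for target in params.get("target", []):
        if decode_target(target) is None:
            problems["target"] = "not a volume id plus URL-safe base64 path"
    return problems


if __name__ == "__main__":
    for url in ISSUE_URLS + [BENIGN_URL]:
        print(review_request(url) or "ok")
```

Validating input this way does not replace HTML-escaping the values wherever the response is rendered in the browser.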