search

jalmasi / vrspace

VRSpace: Multiuser Virtual Reality Engine
Apache License 2.0
174 stars 79 forks source link

json sanitation bypassed #19

Closed jalmasi closed 1 month ago

jalmasi commented 2 years ago

{"object":{"Client":0},"changes":{"properties":{"":"string","number":123.456}}}

gets distributed, possible XSS

jalmasi commented 1 month ago

Issue tracker here: https://redmine.vrspace.org/projects/vrspace-org/issues