Hello,
I was searching for vulnerabilities in code and I came across your repository. I have noticed that you do not perform any kind of input sanitization in your code when selecting the "score", and while there isn't any kind of risk because the purpose of this webpage is just generating RSS feeds without any kind of data being persisted, it would be a good idea to adopt the practice of sanitizing your inputs. Every developer should know that user-manipulated input is always dangerous.
The following XSS injection was found on your webpage:
and this is the PoC URL that you can also access:
http://80.211.128.73:5000/?subreddit=news&score=2134"><script>alert("This happens when you do not perform any kind of input sanitization :)")</script>
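The fix the report asks for, as an added example that is not the repository's own code (which is not shown here): a framework-free Python handler that validates the `score` parameter as an integer and HTML-escapes it on output, next to the unsafe interpolation pattern the PoC exploits. The attribute context (`value="..."`) is an assumption based on the `">` break-out in the PoC URL.

```python
import re
from html import escape

# Constructed sample input modelled on the report's PoC: a value that closes the
# attribute it is reflected into and then opens a <script> element.
SAMPLE_PAYLOAD = '2134"><script>alert(1)</script>'


def render_score_field_unsafe(score: str) -> str:
    """'Before' pattern: user input interpolated straight into an HTML attribute."""
    return f'<input name="score" value="{score}">'


def render_score_field(score: str) -> str:
    """Output encoding: escape(..., quote=True) turns " into &quot; and <> into
    &lt;/&gt;, so the value can no longer close the attribute or add a tag."""
    return f'<input name="score" value="{escape(score, quote=True)}">'


def parse_score(raw: str) -> int:
    """Input validation: a score is an integer, so accept nothing else.

    Only an optional minus sign followed by digits is allowed; anything else
    raises ValueError, which the handler maps to an HTTP 400.
    """
    raw = raw.strip()
    if not re.fullmatch(r"-?\d+", raw):
        raise ValueError(f"score must be an integer, got {raw!r}")
    return int(raw)


def handle_score_request(params: dict) -> tuple:
    """Minimal request handler returning (status, body).

    Defence in depth: validate first (reject), then escape on output anyway,
    so a future change to parse_score cannot silently reintroduce the XSS.
    """
    try:
        score = parse_score(params.get("score", "0"))
    except ValueError as exc:
        # The error message echoes user input, so it is escaped too.
        return 400, escape(str(exc), quote=True)
    return 200, render_score_field(str(score))
```

Query-string parameters that are legitimately free text (such as `subreddit`) cannot be validated as integers, so for those the escaping in `render_score_field` is the control that matters.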