kalcaddle / KodExplorer

A web-based file manager, web IDE / browser-based code editor
https://kodcloud.com

🚨 Potential Security Vulnerability #480

Closed ranjit-git closed 3 years ago

ranjit-git commented 3 years ago

Hello, @kalcaddle - Five potential high-severity security vulnerabilities in your repository have been disclosed to huntr.

Visit the report URLs and validate them:
https://www.huntr.dev/bounties/12-kalcaddle/KodExplorer/
https://www.huntr.dev/bounties/13-kalcaddle/KodExplorer/
https://www.huntr.dev/bounties/14-kalcaddle/KodExplorer/
https://www.huntr.dev/bounties/15-kalcaddle/KodExplorer/
https://www.huntr.dev/bounties/16-kalcaddle/KodExplorer/
https://www.huntr.dev/bounties/17-kalcaddle/KodExplorer

The report is visible only to the repo maintainer and the reporter.

wadleo commented 3 years ago

@ranjit-git and @kalcaddle artTemplate escapes HTML content by default according to their documentation. So I don't see how these variables used in this template can cause an XSS.

ranjit-git commented 3 years ago

@wadleo yes, XSS is executed there. Maybe they are missing an XSS check in a few endpoints. If you are the repo maintainer then you can see the full report details with reproduction steps and a video PoC.

kalcaddle commented 3 years ago

Thanks, we will fix it soon.