lankybox02 / RiverBox

The simple social media app.
https://lankybox02.github.io/RiverBox/

Cross-site scripting issue #37

Closed lankybox02 closed 2 years ago

lankybox02 commented 2 years ago
adminLoadPost({"author": "<img src='' onerror='alert(1)' />", "content": btoa("e")})

You can inject absolutely any script using one line of code.

lankybox02 commented 2 years ago

fixed 1.7
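
The issue shows neither RiverBox's rendering code nor the 1.7 change, so the following is an added example, not the project's code. It assumes the post shape from the report (a string `author` and base64 `content`), uses hypothetical function names `renderPostUnsafe` and `renderPostSafe`, and contrasts building markup from raw fields with escaping each field after decoding.

```javascript
// Added example; renderPostUnsafe/renderPostSafe are hypothetical names,
// not RiverBox functions. Post shape follows the issue: author is a string,
// content is base64 (the report wraps it with btoa()).

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function decodeContent(b64) {
  // atob is a browser global and exists in current Node; fall back to Buffer.
  return typeof atob === "function" ? atob(b64) : Buffer.from(b64, "base64").toString("binary");
}

// Vulnerable pattern: fields concatenated into markup destined for innerHTML.
function renderPostUnsafe(post) {
  return `<div class="post"><b>${post.author}</b><p>${decodeContent(post.content)}</p></div>`;
}

// Hardened pattern: every field is escaped after decoding, so it stays text.
function renderPostSafe(post) {
  const author = escapeHtml(post.author);
  const content = escapeHtml(decodeContent(post.content));
  return `<div class="post"><b>${author}</b><p>${content}</p></div>`;
}

// Constructed input: the payload from the report, plus markup carried in the base64 content.
const reported = { author: "<img src='' onerror='alert(1)' />", content: "ZQ==" }; // "ZQ==" is btoa("e")
const viaContent = { author: "alice", content: "PGI+eDwvYj4=" }; // base64 of "<b>x</b>"

console.log(renderPostUnsafe(reported)); // author markup reaches the page as an element
console.log(renderPostSafe(reported));   // author markup is rendered as visible text
console.log(renderPostSafe(viaContent)); // decoded content is escaped as well
```

In a browser, assigning each field to an element's `textContent` instead of building an HTML string achieves the same result without a hand-written escaper.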