fix: sanitize titles to prevents persistent xss vulnerabilities

sjelfull / craft-audit

Audit log for Craft 3

https://superbig.co

Other

20 stars 11 forks source link

fix: sanitize titles to prevents persistent xss vulnerabilities #73

Closed mofman closed 1 year ago

mofman commented 1 year ago

There is a persistent XSS vulnerabily within Audit that you can replicate when Creating or Amending a user within Craft.

I have sanitized user input to fix this issue.

Are you able to merge and tag?

Sarrac3873 commented 5 months ago

There is a persistent XSS vulnerabily within Audit that you can replicate when Creating or Amending a user within Craft.

I have sanitized user input to fix this issue.

Are you able to merge and tag?

Sarrac3873 commented 5 months ago

There is a persistent XSS vulnerabily within Audit that you can replicate when Creating or Amending a user within Craft.

I have sanitized user input to fix this issue.

Are you able to merge and tag?

Sarrac3873 commented 5 months ago

There is a persistent XSS vulnerabily within Audit that you can replicate when Creating or Amending a user within Craft.

I have sanitized user input to fix this issue.

Are you able to merge and tag?

attritionorg commented 5 months ago

@mofman Can you clarify if this requires authentication to exploit, and if so, at what role or user-level? Thanks!