wathne / dat250-2024-assignment

MIT License

Cross-Site Scripting (XSS) #4

Closed LisaCabot closed 3 weeks ago

LisaCabot commented 1 month ago

Description: The application does not sanitize JavaScript/HTML in input fields.

Potential Impact: Allows for a malicious actor to execute scripts in the victim’s browser, making it possible for the attacker to extract sensitive information about the user.

Affected part of the application: All input fields that render content supplied by the user, such as: comments, stream posts and profile fields.

Type of vulnerability: Stored Cross-Site Scripting (https://cwe.mitre.org/data/definitions/79.html)

LisaCabot commented 3 weeks ago

It should also be fixed with the CSRF token and the input validation.
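An added example, not code from this repository: the pattern the issue description reports (stored user input concatenated into markup) next to the same render with output encoding applied. The function names, the `data-author` attribute and the sample record are assumptions made for illustration.

```python
import html

# Constructed sample record: values as they might sit in the database
# after being submitted through a comment form.
STORED_COMMENT = {
    "author": 'mallory" onmouseover="alert(1)',
    "text": "<script>alert(1)</script>nice post",
}


def render_comment_unsafe(comment):
    """Reported pattern: stored input is placed into the page verbatim."""
    return (
        '<div class="comment" data-author="' + comment["author"] + '">'
        + comment["text"]
        + "</div>"
    )


def render_comment_safe(comment):
    """Encode at output time, for both the attribute and the element body.

    quote=True makes html.escape also encode double and single quotes, which
    is what keeps the author value from closing the attribute early.
    """
    author = html.escape(comment["author"], quote=True)
    text = html.escape(comment["text"], quote=True)
    return f'<div class="comment" data-author="{author}">{text}</div>'


if __name__ == "__main__":
    print("unsafe:", render_comment_unsafe(STORED_COMMENT))
    print("safe:  ", render_comment_safe(STORED_COMMENT))
```

Because the encoding happens when the value is rendered, it also covers comments, stream posts and profile fields that were stored before any input validation was introduced.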