LisaCabot
commented
3 weeks ago It should be also fixed with the CRSF token and the input validation
Closed LisaCabot closed 3 weeks ago
LisaCabot
commented
3 weeks ago It should be also fixed with the CRSF token and the input validation
Description: The application does not sanitize Javascript/HTML in input fields. Potential Impact: Allows for a malicious actor to execute scripts in the victim’s browser, making it possible for the attacker to extract sensitive information about the user. Affected part of the application: All input fields that render content supplied by the user, such as: comments, stream posts and profile fields. Type of vulnerability: Stored Cross-Site Scripting (https://cwe.mitre.org/data/definitions/79.html)