A stored Cross Site Scripting was found in the create user functionality. To exploit it we must create a user and pass the payload below as the first name.
Then we save the user and navigate back to the main users panel. As we can see, the XSS payload is getting executed.
You can prevent the above vulnerability by filtering user input and encoding it when it gets reflected to a page. https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html https://portswigger.net/web-security/cross-site-scripting#stored-cross-site-scripting
I made a public gist for the issue above: https://gist.github.com/abbisQQ/e0967d5b8355087c8e224bdd1ace3bf3
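The fix the report points to, shown as an added example that is not code from the issue or from the affected project: the users panel must HTML-entity encode the stored first name at render time (the OWASP rule for HTML element content), so a stored payload is displayed as text instead of executed. The `renderUserRow*` functions, the `escapeHtml` helper and the sample user are assumptions for illustration.

```javascript
// Added example (not from the issue or the affected project): rendering the
// stored "first name" field in the users panel. Untrusted data inserted into
// HTML element content must be entity-encoded, otherwise markup saved through
// the create-user form runs in every admin's browser that opens the panel.

// Vulnerable pattern: raw concatenation of stored data into markup.
function renderUserRowUnsafe(user) {
  return `<tr><td>${user.firstName}</td><td>${user.lastName}</td></tr>`;
}

// Encode the five characters that can break out of an HTML text context.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened pattern: every untrusted field passes through the encoder.
function renderUserRowSafe(user) {
  return `<tr><td>${escapeHtml(user.firstName)}</td>` +
         `<td>${escapeHtml(user.lastName)}</td></tr>`;
}

// True when the rendered markup still carries a live <script> tag, i.e. the
// browser would execute it when the users panel loads.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample: a first name that carries script markup (hypothetical).
const SAMPLE_USER = { firstName: '<script>alert(1)</script>', lastName: 'Doe' };

console.log('unsafe:', renderUserRowUnsafe(SAMPLE_USER));
console.log('safe:  ', renderUserRowSafe(SAMPLE_USER));
```

Encoding on output is what neutralises the stored value; input filtering alone can be bypassed by any client that skips the form, so treat it as a secondary control.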