Stored XSS Attack #67

Open
Bingoyyj opened this issue Sep 15, 2023 · 2 comments

@Bingoyyj

Describe the bug
Stored XSS caused by remote malicious content.

To Reproduce
According to the rules of regular matching, remotely construct malicious vulnerability description content and insert an XSS payload into it, such as <script>alert(1)</script> or a payload that steals cookies.

Affected Version
Latest.

@Ashthetik

I'm not a part of this project, but the info you're providing is very lacking in identifiers as well as any form of PoC to actually verify that this isn't just some local edit.

If you could provide site, package version (if applicable), ref links to PoCs, link to CVE, etc., it would help with public knowledge and awareness.

@AAloush

AAloush commented Sep 4, 2024

Add this to the python script.

from html import escape
[...]
def clean_text(description):
    [...]
    return escape(description)
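
An added example, not part of the comment above and not the project's code: it shows the suggested `html.escape` call at the point where a remotely fetched description is written into HTML, and adds a scheme allowlist for links, which escaping alone does not cover. The record fields, `safe_link`, `render_row` and the body of `clean_text` are assumptions for illustration.

```python
from html import escape
from urllib.parse import urlsplit

# Constructed sample of a remotely fetched record (field names are assumptions).
SAMPLE = {
    "id": "EXAMPLE-0001",
    "description": 'Parser bug <script>alert(1)</script> in "foo" & bar',
    "link": "javascript:alert(1)",
}


def clean_text(description):
    """HTML-encode untrusted text so any markup in it renders as plain text."""
    # quote=True (the default) also encodes " and ', which matters when the
    # value ends up inside an HTML attribute rather than element content.
    return escape(str(description), quote=True)


def safe_link(url):
    """Return an attribute-safe URL, or '#' unless the scheme is http(s)."""
    candidate = str(url).strip()
    try:
        scheme = urlsplit(candidate).scheme.lower()
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return "#"
    # escape() does not neutralise javascript: or data: URLs, so allowlist.
    if scheme not in ("http", "https"):
        return "#"
    return escape(candidate, quote=True)


def render_row(record):
    """Build one HTML table row from an untrusted record."""
    return (
        "<tr><td>{id}</td><td>{desc}</td>"
        '<td><a href="{href}">reference</a></td></tr>'
    ).format(
        id=clean_text(record["id"]),
        desc=clean_text(record["description"]),
        href=safe_link(record["link"]),
    )


if __name__ == "__main__":
    print(render_row(SAMPLE))
```

Encoding belongs at the point of output: if the same description is also written to JSON, a database or a log, those sinks need their own encoding rather than the HTML-escaped string.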
