Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

profile stored XSS vulnerability #448

Open
tcnichol opened this issue Apr 19, 2024 · 0 comments · May be fixed by #449
Open

profile stored XSS vulnerability #448

tcnichol opened this issue Apr 19, 2024 · 0 comments · May be fixed by #449
Assignees
@tcnichol
Labels
bug Something isn't working

Comments

@tcnichol
Copy link
Contributor

tcnichol commented Apr 19, 2024
edited by lmarini
Loading

Stored XSS: Many of the profile fields (such as first and last name) are
vulnerable to XSS. When visiting the profile page, the script stored in those
fields will execute. e.g https://cpmr.tacc.utexas.edu/profile/viewProfile/
66101cce428a36d45381c305
@tcnichol tcnichol added the bug Something isn't working label Apr 19, 2024
@tcnichol tcnichol self-assigned this Apr 19, 2024
@tcnichol tcnichol linked a pull request Apr 28, 2024 that will close this issue
Fix profile xss #449
Open
@clowder-framework clowder-framework deleted a comment from tcnichol Apr 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tcnichol tcnichol

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
1 participant
@tcnichol