kotlin-fullstack-sample
XSS vulnerability
The project is missing input sanitizers.
Example:
Simply adding a `<img src=x onerror=alert(1) />` as a new "thought" will trigger an XSS.
Just a reminder. This is a security issue that is probably being mimicked by other users. If possible, it should get some attention.
Is this still an issue? I can't reproduce it on PR #36
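A regression check one could use when verifying a fix for this report, as an added example that is not part of the thread or the project's own code: it encodes the thought text at the point of output and confirms that the payload quoted in the issue comes out as inert text. The function names are hypothetical, and string-built markup is an assumption made for illustration; the project's actual rendering path is not shown on this page.

```kotlin
// Added example, not code from kotlin-fullstack-sample.
// renderThoughtUnsafe / renderThoughtEscaped are hypothetical names.

/** Escapes the five characters that can change the HTML parsing context. */
fun escapeHtml(input: String): String = buildString(input.length + 16) {
    for (ch in input) {
        when (ch) {
            '&' -> append("&amp;")
            '<' -> append("&lt;")
            '>' -> append("&gt;")
            '"' -> append("&quot;")
            '\'' -> append("&#39;")
            else -> append(ch)
        }
    }
}

/** The failure mode from the report: user text concatenated into markup as-is. */
fun renderThoughtUnsafe(text: String): String = "<div class=\"thought\">$text</div>"

/** Hardened form: the text is encoded where it enters the HTML. */
fun renderThoughtEscaped(text: String): String =
    "<div class=\"thought\">${escapeHtml(text)}</div>"

fun main() {
    // First entry is the payload quoted in the issue; the rest are constructed edge cases.
    val samples = listOf(
        "<img src=x onerror=alert(1) />",
        "Tom & Jerry said \"hi\"",
        "already &lt;encoded&gt; text"
    )
    for (s in samples) {
        val unsafe = renderThoughtUnsafe(s)
        val safe = renderThoughtEscaped(s)
        // After escaping, the only '<' characters left belong to the wrapper div.
        check(safe.count { it == '<' } == 2) { "markup leaked: $safe" }
        println("unsafe: $unsafe")
        println("safe:   $safe")
    }
}
```

Encoding on output, rather than stripping tags on input, keeps the stored thought unchanged and lets the third sample display exactly as the user typed it.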