
XSS vulnerability

Open ErezYalon opened this issue 6 years ago • 2 comments

Project missing input sanitizers.

Example: Simply adding a <img src=x onerror=alert(1) /> as a new "thought" will trigger an XSS:


ErezYalon avatar Jul 25 '17 08:07 ErezYalon
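The report above describes a stored XSS: the "thought" text is placed into the page as HTML, so the `<img onerror=...>` payload is parsed as markup and its handler runs. The following is an added, illustrative example (not the kotlin-fullstack-sample project's own code) showing the unsafe rendering next to an output-encoded version; the function names `renderThoughtUnsafe`, `renderThoughtSafe`, `escapeHtml` and `hasInlineHandler` are assumptions made for this example, not names from the project.

```javascript
// Added example, not the project's own code. Function names are assumptions.

// The payload quoted in the issue report.
const PAYLOAD = '<img src=x onerror=alert(1) />';

// Vulnerable rendering: the user-supplied thought is concatenated into HTML
// unchanged. The browser parses the <img> tag and, because src=x fails to
// load, runs the onerror handler.
function renderThoughtUnsafe(thought) {
  return `<div class="thought">${thought}</div>`;
}

// HTML entity encoding for the HTML text (element body) context. Encoding
// these six characters stops a string from breaking out of text into tag or
// attribute syntax. Attribute, URL and script contexts need different encoders.
function escapeHtml(s) {
  const map = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#x27;',
    '/': '&#x2F;',
  };
  return String(s).replace(/[&<>"'/]/g, (c) => map[c]);
}

// Hardened rendering: store the raw text, encode at output time.
function renderThoughtSafe(thought) {
  return `<div class="thought">${escapeHtml(thought)}</div>`;
}

// Crude oracle used only by this example: does the rendered markup contain
// an element carrying an inline on* event handler attribute?
function hasInlineHandler(html) {
  return /<\s*[a-z][^>]*\son\w+\s*=/i.test(html);
}

// Demonstration on the reported payload.
console.log(renderThoughtUnsafe(PAYLOAD), hasInlineHandler(renderThoughtUnsafe(PAYLOAD)));
console.log(renderThoughtSafe(PAYLOAD), hasInlineHandler(renderThoughtSafe(PAYLOAD)));
```

Encoding on output is the fix; "input sanitizers" that strip tags on the way in are easy to bypass and lose legitimate text such as `a < b`. In a React-based front end the same effect is obtained by rendering the thought as a text child rather than through `dangerouslySetInnerHTML`, since React escapes text children.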

Just a reminder. This is a security issue that is probably being mimicked by other users. If possible, it should get some attention.

ErezYalon avatar Sep 07 '17 16:09 ErezYalon

Is this still an issue? I can't reproduce it on PR #36

magneticflux- avatar Mar 01 '18 17:03 magneticflux-