lin-cms-flask icon indicating copy to clipboard operation
lin-cms-flask copied to clipboard

Published 20 hours ago • verified publisher icon TaleLin

Cross Site Scripting Vulnerability in Latest Release

Open HatBoy opened this issue 5 years ago • 2 comments

Hi, I would like to report Cross Site Scripting vulnerability in latest release.

Description: Cross-site scripting (XSS) vulnerability in app/api/cms/user.py 12 line register() function and app/api/cms/log.py 23 line get_logs() function. User name usage XSS payload will be executed in the log when registering users Steps To Reproduce: 1.Add a user, the username is xss payload. 2 2.Then use the username login, see the log manager find the xss payload already executed, the super user also can find. 3

author by [email protected]

HatBoy avatar Mar 14 '19 14:03 HatBoy

Thanks for these suggestions, as we have just started, including SQL injection and CSRF prevention has been put on the agenda but has not yet been achieved. We will improve these security issues in the near future. Thanks again.

7insummer avatar Mar 14 '19 15:03 7insummer

Hi @7insummer @HatBoy , Was this issue fixed? if so, in what commit and what tag/version? thanks!

OS-WS avatar Aug 17 '21 08:08 OS-WS