Skip to content
This repository has been archived by the owner on Jul 13, 2021. It is now read-only.

XSS vulnerability #19

Open
ErezYalon opened this issue Jul 25, 2017 · 2 comments
Open

XSS vulnerability #19

ErezYalon opened this issue Jul 25, 2017 · 2 comments

Comments

@ErezYalon
Copy link

Project missing input sanitizers.

Example:
Simply adding a <img src=x onerror=alert(1) /> as a new "thought" will trigger an XSS:

image
@ErezYalon
Copy link
Author

Just a reminder.
This is a security issue that is probably being mimicked by other users.
If possible, it should get some attention.

@magneticflux-
Copy link

Is this still an issue? I can't reproduce it on PR #36

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@magneticflux- @ErezYalon