Restricting the input validation of display information at own user profile

Low

Abraxas-Bot published GHSA-929f-3gr3-vr7v

Mar 9, 2023

Package

VOTING IAM (Abraxas Apps Platform)

Affected versions

< 1.22.3

Patched versions

None

Description

Short Description

Restricting the input validation of display information at own user profile

Reporting Date

September 2022

Details

The Firstname and Lastname fields can contain more characters than necessary. Control character inputs caused layout errors or other irritations.

Impact

Low

References

Bug Bounty ID: cdfe3d46 (Private)
Internal ID: SEC-802, SEC-834

❤ Thanks to

sammamqureshi for reporting the vulnerability.

Severity

Low

0.0

/ 10

CVSS base metrics

Attack vector

Adjacent

Attack complexity

High

Privileges required

Low

User interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

None

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:N