From 669a93e69b8a705a203eff76d8899ace1f9da3ae Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Sun, 22 May 2022 19:26:24 +0530 Subject: [PATCH] Fixed XSS on Hackerone Markdown Report --- .github/SECURITY.md | 6 ++++++ web/scanEngine/templates/scanEngine/settings/hackerone.html | 6 +++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 7e0dd6639..497040173 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -26,6 +26,8 @@ Please find the [FAQ](https://www.huntr.dev/faq) and [Responsible disclosure pol ## Past Security Vulnerabilities +Thanks to these individuals for reporting Security Issues in reNgine. + * [Stored XSS](https://github.com/yogeshojha/rengine/issues/178) on Detail Scan Page via Page Title Parameter, Reported by [omemishra](https://github.com/omemishra) * [Stored XSS](https://github.com/yogeshojha/rengine/issues/347) on Vulnerability Scan page via URL Parameter, Reported by [Arif Khan, payloadartist](https://twitter.com/payloadartist) @@ -34,6 +36,10 @@ Please find the [FAQ](https://www.huntr.dev/faq) and [Responsible disclosure pol * [Stored XSS](https://huntr.dev/bounties/dfd440ba-4330-413c-8b21-a3d8bf02a67e/) on Import Targets via filename, Reported by [Veeshraj Ghimire](https://github.com/V35HR4J) +* [Stored XSS](https://huntr.dev/bounties/8ea5d3a6-f857-45e4-9473-e4d9cb8f7c77/) on HackerOne Markdown template, Reported by [Smaran Chand](https://github.com/smaranchand) and [Ayoub Elaich](https://github.com/sicks3c) + + + **reNgine thanks the following people for making a responsible disclosure and helping the community make reNgine safer!** * [onemishra](https://github.com/omemishra) diff --git a/web/scanEngine/templates/scanEngine/settings/hackerone.html b/web/scanEngine/templates/scanEngine/settings/hackerone.html index 50f445d41..54c1f8fa7 100644 --- a/web/scanEngine/templates/scanEngine/settings/hackerone.html +++ b/web/scanEngine/templates/scanEngine/settings/hackerone.html 
@@ -96,12 +96,16 @@

Vulnerability Report Template
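Review bot: in the `.github/SECURITY.md` hunk at `@@ -26,6 +26,8 @@`, the added sentence `Thanks to these individuals for reporting Security Issues in reNgine.` says the same thing as the existing bold paragraph further down (`**reNgine thanks the following people for making a responsible disclosure and helping the community make reNgine safer!**`), so the file now thanks reporters twice; keep one of the two, and if this new line stays, `security issues` should not be capitalised.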
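Review bot: in the `.github/SECURITY.md` hunk at `@@ -34,6 +36,10 @@`, the three empty `+` lines after the new `Stored XSS ... on HackerOne Markdown template` entry leave a run of blank lines before the bold paragraph; one blank line is enough. The new entry credits Smaran Chand and Ayoub Elaich, but nothing in this hunk adds them to the list of reporters that begins at `* [onemishra](https://github.com/omemishra)`, so check that list is updated as well. While here, that context line spells the name `onemishra` although the earlier entry and the URL both use `omemishra`.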
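Review bot: for the `web/scanEngine/templates/scanEngine/settings/hackerone.html` hunk at `@@ -96,12 +96,16 @@`, the change that actually fixes the XSS cannot be reviewed from what is shown: only the hunk header and the `Vulnerability Report Template` context line are present, so how the report template content is now escaped or sanitised is not visible. The commit message `Fixed XSS on Hackerone Markdown Report` should state what escaping was applied to the user-controlled template text, and a regression test that renders a template containing markup would let the fix be verified rather than taken on trust.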