Fixed XSS reported by @phor3nsic on Huntr.dev
XSS payloads could be uploaded via Nuclei and GF pattern files
yogeshojha committed Aug 31, 2021
1 parent 86eb468 commit ab89a27
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions web/scanEngine/static/scanEngine/js/custom_tools.js
Expand Up @@ -7,7 +7,7 @@ function load_gf_template(pattern_name){
$('.modal-text').append(`<div class='outer-div' id="modal-loader"><span class="inner-div spinner-border text-info align-self-center loader-sm"></span></div>`);
$.getJSON(`/api/getFileContents?gf_pattern&name=${pattern_name}&format=json`, function(data) {
$('#modal-loader').empty();
$('#modal-text-content').append(`<pre>${data['content']}</pre>`);
$('#modal-text-content').append(`<pre>${htmlEncode(data['content'])}</pre>`);
}).fail(function(){
$('#modal-loader').empty();
$("#modal-text-content").append(`<p class='text-danger'>Error loading GF Pattern</p>`);
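Review bot: `htmlEncode` in the new `.append` call is not defined anywhere in this commit, which touches only custom_tools.js, so the fix depends on a helper loaded from elsewhere. Please confirm it is in scope on every page that includes this script and that it encodes `&`, `<`, `>` and both quote characters; if it is not defined, the success callback throws a ReferenceError and nothing is rendered. A form that needs no helper is to create the node and set its text, for example `$('#modal-text-content').append($('<pre>').text(data['content']));`, which keeps the file contents out of HTML parsing entirely.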
Expand All @@ -24,7 +24,7 @@ function load_nuclei_template(pattern_name){
$('.modal-text').append(`<div class='outer-div' id="modal-loader"><span class="inner-div spinner-border text-info align-self-center loader-sm"></span></div>`);
$.getJSON(`/api/getFileContents?nuclei_template&name=${pattern_name}&format=json`, function(data) {
$('#modal-loader').empty();
$('#modal-text-content').append(`<pre>${data['content']}</pre>`);
$('#modal-text-content').append(`<pre>${htmlEncode(data['content'])}</pre>`);
}).fail(function(){
$('#modal-loader').empty();
$("#modal-text-content").append(`<p class='text-danger'>Error loading Nuclei Template</p>`);
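Review bot: `pattern_name` is interpolated unencoded into the `getFileContents` URL on the `$.getJSON` line, so a template name containing `&`, `#` or `=` changes the query the server receives; wrap it as `encodeURIComponent(pattern_name)`, here and in `load_gf_template`. Separately, the encoding is applied only at this render site and the commit changes no other file, so any other view that prints the same `content` field needs the same treatment. The two success callbacks are now identical apart from the query parameter, so a shared render helper would keep future fixes from landing in only one of them.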