This repository has been archived by the owner on Jul 13, 2021. It is now read-only.

XSS vulnerability #19

Open
ErezYalon opened this issue Jul 25, 2017 · 2 comments

@ErezYalon

Project missing input sanitizers.

Example:
Simply adding a <img src=x onerror=alert(1) /> as a new "thought" will trigger an XSS:


@ErezYalon
Author

Just a reminder.
This is a security issue that is probably being mimicked by other users.
If possible, it should get some attention.

@magneticflux-

Is this still an issue? I can't reproduce it on PR #36
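
An added example, not code from this repository or from any commenter: it renders the payload quoted in the report with and without output encoding, plus a small regression check. The issue does not show the project's rendering code, so the function names and the `<li class="thought">` markup are assumptions.

```javascript
// Added illustration. All names here are hypothetical, not the project's.

// Payload quoted in the issue report.
const REPORTED_THOUGHT = '<img src=x onerror=alert(1) />';

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a value for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: user text is concatenated into markup unchanged,
// so the browser parses it as an element with an event handler.
function renderThoughtUnsafe(thought) {
  return '<li class="thought">' + thought + '</li>';
}

// Hardened pattern: encode at the point of output, so the same text is
// displayed literally instead of being parsed as markup.
function renderThoughtSafe(thought) {
  return '<li class="thought">' + escapeHtml(thought) + '</li>';
}

// Regression helper: list the element names that open in rendered HTML.
// This is a test aid for known output, not a sanitizer.
function tagNames(html) {
  return [...html.matchAll(/<\s*([a-zA-Z][\w-]*)/g)].map((m) => m[1].toLowerCase());
}

console.log(tagNames(renderThoughtUnsafe(REPORTED_THOUGHT))); // user-supplied element present
console.log(tagNames(renderThoughtSafe(REPORTED_THOUGHT)));   // only the wrapper element
console.log(renderThoughtSafe(REPORTED_THOUGHT));
```

In browser code that builds the DOM directly, assigning the text through `textContent` rather than `innerHTML` achieves the same result.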
