Project

General

Profile

Bug #78

json sanitation bypassed

Added by Josip Almasi over 3 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Start date:
06/23/2021
Due date:
% Done:

0%

Estimated time:

Description

{"object":{"Client":0},"changes":{"properties":{"<img src=1 onerror =alert(1)>":"string","number":123.456}}}

gets distributed, possible XSS

Also available in: Atom PDF