Bug #78
json sanitation bypassed
Status:
New
Priority:
Normal
Assignee:
-
Start date:
06/23/2021
Due date:
% Done:
0%
Estimated time:
Description
{"object":{"Client":0},"changes":{"properties":{"<img src=1 onerror =alert(1)>":"string","number":123.456}}}
gets distributed, possible XSS