Bioconductor/bioconductor.org

XSS Vulnerability in bioconductor.org


Hey there, I found a security vulnerability in bioconductor.org:

The search bar in bioconductor.org does not sanitize user input, leading to an XSS vulnerability.
(correlating to the function searchResponse in /assets/js/search.js)

Example: https://bioconductor.org/help/search/index.html?q=<script>alert(1)</script>

A fix to this issue is to sanitize input according to OWASP's recommendations.

Thanks.
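The reflected-input pattern reported above, next to an output-encoded version, as an added example that is not part of the original issue and is not the site's code. The function names are hypothetical and the markup is an assumed shape for a results heading; only the URL comes from the report.

```javascript
// Added illustration. Function names are hypothetical and do not come from
// /assets/js/search.js; the markup is an assumed results heading.

// URL taken from the report above.
const SAMPLE_URL =
  "https://bioconductor.org/help/search/index.html?q=<script>alert(1)</script>";

// Characters that must be encoded for HTML text and quoted-attribute contexts.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read the q parameter from the page URL; searchParams.get() returns it decoded.
function getQuery(pageUrl) {
  return new URL(pageUrl).searchParams.get("q") || "";
}

// Vulnerable pattern: the decoded query is concatenated into markup unchanged,
// so any tags it contains become part of the page.
function renderHeadingUnsafe(pageUrl) {
  const q = getQuery(pageUrl);
  return `<h2>Results for ${q}</h2>`;
}

// Hardened pattern: encode per output context. HTML-escape where the value is
// shown as text, percent-encode where it is placed inside a URL.
// In a browser, assigning the value to element.textContent instead of building
// an HTML string avoids the HTML parser for that value entirely.
function renderHeadingSafe(pageUrl) {
  const q = getQuery(pageUrl);
  const text = `<h2>Results for ${escapeHtml(q)}</h2>`;
  const link = `<a href="/help/search/index.html?q=${encodeURIComponent(q)}">permalink</a>`;
  return text + link;
}

console.log(renderHeadingUnsafe(SAMPLE_URL));
console.log(renderHeadingSafe(SAMPLE_URL));
```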

Hello, I noticed this issue has not been fixed.

Would love to work on it.

Can it be assigned to me?