Cross-site Scripting (XSS) in DataBiosphere/duos-ui (develop)
rushtong opened this issue · 1 comments
rushtong commented
Cross-site Scripting (XSS) in DataBiosphere/duos-ui (develop)
Issue Details
- Vulnerability: Cross-site Scripting (XSS)
- Severity: Medium
- Project: DataBiosphere/duos-ui
- Branch: develop
- Scan Date: Dec 8, 2018 09:28:22
Issue Description
bootstrap is vulnerable to cross-site scripting (XSS) attacks. The attacks exist because the data-target attribute uses user-supplied input which is then interpreted directly using standard HTML entities encoding.