Possible Cross-site scripting DOM-based
anthaeus opened this issue · 2 comments
anthaeus commented
The applicaiton version 3.7.2 may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.hash and passed to $() via the following statements:
e=window.location.hash;
b_isTabHash(e)&&(e=b._getFromNiceHash(e),$('.tab-menu a[href\x3d'"+e'"]').tab("show"));
The exploitability of this issue might depend on the specific version of jQuery that is being used.
Cyassin commented
Can you highlight where in the code this is? I can't seem to find it.
Curious as my product team is assessing the risks of using this script.
anthaeus commented
Id like to but I dont remember which assesment on my side was it.
Damn..
2018-02-13 7:24 GMT+01:00 Cyassin <notifications@github.com>:
… Can you highlight where in the code this is? I can't seem to find it.
Curious as my product team is assessing the risks of using this script.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#212 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AGzlZyCNocSsWszUhs-sVvwOK72fr-aGks5tUSqggaJpZM4OiZ8C>
.
--
/*
Pozdrawiam */