Problem: Potential Cross-site scripting
ntrampham opened this issue · 9 comments
Greetings!
Thank you for reporting this issue. Had overlooked that validation.
Hi
Would you mind publishing a CVE for this?
I actually do not know how to publish a CVE. Would have to read into it.
Using this form? https://cveform.mitre.org/
Yes, absolutely right!
That would be great if you can set up a security policy for the repo you own here https://github.com/ansibleguy/webui/security.
This would allow users to draft a report on their own. You will then only need to approve and publish it. Ref: https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory#
Alright. Have added the policy and security advisories are now enabled.
Would you mind testing the validation-fix in version 0.0.21?
Fix looks good. I am no longer able to reproduce the vulnerability. Please go ahead and publish a security advisory for this.