🚨 Potential Security Vulnerability

Question

🚨 Potential Security Vulnerability

ranjit-git opened this issue 3 years ago · 3 comments

Hello, @kalcaddle - Five potential high severity security vulnerability in your repository has been disclosed to huntr.

Visit report url and validate them
https://www.huntr.dev/bounties/12-kalcaddle/KodExplorer/
https://www.huntr.dev/bounties/13-kalcaddle/KodExplorer/
https://www.huntr.dev/bounties/14-kalcaddle/KodExplorer/
https://www.huntr.dev/bounties/15-kalcaddle/KodExplorer/
https://www.huntr.dev/bounties/16-kalcaddle/KodExplorer/
https://www.huntr.dev/bounties/17-kalcaddle/KodExplorer

Report is visible only to repo-maintainer and reporter .

Answer 1 · 2021-07-01T02:55:00.000Z

@ranjit-git and @kalcaddle artTemplate escapes html content by default according to their documentation. So I don't see how these variables used in this template can cause an XSS.

Answer 2 · 2021-07-01T04:05:33.000Z

@wadleo yes xss is executed there . May be they missing xss check in few endpoints . If you are repo-maintainer then you can seee full report details with reproduction step and video poc .

Answer 3 · 2021-07-01T08:36:36.000Z

Thanks,we will fixed it soon.