server-status-project/server-status

Script Injection via new Incident

AstroGD opened this issue · 1 comment

It is possible to inject JavaScript into the Incident:
[image]

This results in the following:
[image]

This is a huge security risk as your website is at risk of running unwanted JavaScript code on visit which could lead to critical security risks!

Please sanitize "<" AND ">" server-side before saving the incident!
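One way to implement the server-side escaping requested above, as an added example that is not code from the server-status project (the issue does not show the project's own code or language, so this is written in JavaScript for Node, with hypothetical `escapeHtml`/`renderIncident` functions and a constructed sample incident). It escapes `&` and both quote characters in addition to `<` and `>`, so the same helper is safe for text placed inside attribute values:

```javascript
// Added example (not part of the server-status project): escape incident text
// on the server at the point where it is written into the HTML page, so a
// stored "<script>" submission is shown as text instead of run by visitors.

// Every character with meaning in HTML, not only "<" and ">": "&" so that
// stored escapes cannot be re-decoded, and the quote characters for values
// placed inside attributes such as data-title="...".
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical renderer: builds the HTML fragment for one incident.
// Each user-controlled field passes through escapeHtml on output.
function renderIncident(incident) {
  return (
    `<article class="incident" data-title="${escapeHtml(incident.title)}">` +
    `<h3>${escapeHtml(incident.title)}</h3>` +
    `<p>${escapeHtml(incident.text)}</p>` +
    `</article>`
  );
}

// The same renderer without escaping, kept only to contrast the behaviour
// the issue reports: submitted markup ends up in the page unchanged.
function renderIncidentUnsafe(incident) {
  return `<article class="incident"><h3>${incident.title}</h3>` +
    `<p>${incident.text}</p></article>`;
}

// Constructed sample submission containing markup, as in the report.
const SAMPLE_INCIDENT = {
  title: 'Database "maintenance"',
  text: 'Back soon <script>alert(1)</script>',
};

// True when the rendered fragment still contains a raw <script> tag.
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe :', renderIncidentUnsafe(SAMPLE_INCIDENT));
console.log('escaped:', renderIncident(SAMPLE_INCIDENT));
```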

Pryx commented

Good catch, I thought I already fixed that, turns out I didn't...