vuhuynh's avatar
vuhuynh
New Member
3 years ago
Status:
New Idea

Removal of Ability to Link External URL's in Review Function - Cross-site Scripting Vulnerability

It was identified that the ability to link external URL's in the Review function of the tool can pose a Cross-site Scripting vulnerability.

 

The “review” functionality with the Collaborator web application can be used to serve malicious web pages and execute client-side code to end users by including a URL, which is controlled by the attacker, as part of the review 

No CommentsBe the first to comment