@gtsp233 gtsp233 commented Nov 30, 2023

Fix for Cross-Site Scripting (XSS) Vulnerability

I've identified a Cross-Site Scripting (XSS) vulnerability in the application which affects all versions. The severity level is high/critical as XSS can significantly impact user security.

Vulnerability Details:

  • Severity: High/Critical
  • Description: There's a risk of malicious script execution when a user inputs specially crafted text. This can lead to unauthorized actions performed on behalf of the user.

Steps to Reproduce:

  1. Enter <img src="" onerror='alert(1)'> into the song search input, then click the submit button.

Suggested Fix or Mitigation:
The content is now being sanitized using DOMPurify, which effectively prevents the execution of malicious scripts.

I've already fixed and tested this issue, and have submitted a pull request with the necessary changes. Please review and merge my pull request at your earliest convenience to resolve this vulnerability.

Thank you for your attention to this matter.

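The pattern behind this report, as an added example that is not code from this PR or the project: a search term concatenated into markup and assigned to innerHTML lets the browser parse the reported <img onerror> payload and run its handler. The function names (renderResultsUnsafe, renderResultsEscaped, containsLiveImgHandler, compareRenderings) are hypothetical. A search term is plain text, so HTML-escaping it (or assigning it with textContent) is sufficient on its own; DOMPurify, which the PR uses, is the tool for cases where some user-supplied markup has to be kept, and its call shape is shown in a comment because it needs a browser or jsdom DOM to execute.

```javascript
// Added example, not code from the PR or the project. Function names are
// hypothetical; the payload is the one quoted in the report.
const PAYLOAD = `<img src="" onerror='alert(1)'>`;

// Vulnerable sink: the raw search term is concatenated into markup that the
// page later assigns to element.innerHTML. The browser parses the <img> tag,
// the empty src fails to load, and the onerror handler executes.
function renderResultsUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Defence 1: escape the five characters that can change HTML structure so the
// term renders as literal text. Equivalent to element.textContent = query when
// there is no surrounding markup to build.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderResultsEscaped(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Defence 2 (the PR's approach): pass the string through DOMPurify before it
// reaches innerHTML. DOMPurify needs a DOM, so this is shown, not executed:
//   const clean = DOMPurify.sanitize(query, { ALLOWED_TAGS: [], KEEP_CONTENT: true });
//   element.innerHTML = `<p>Results for: ${clean}</p>`;
// With no tags allowed it drops the <img> element entirely; with the default
// config it keeps <img> but strips the onerror attribute.

// Regression check: does the rendered markup still contain an <img> tag
// carrying an onerror attribute that the browser would execute?
function containsLiveImgHandler(html) {
  return /<img\b[^>]*\bonerror\s*=/i.test(html);
}

// Worked comparison on the reported payload: the unsafe rendering keeps the
// live handler, the escaped rendering does not.
function compareRenderings(query = PAYLOAD) {
  return {
    unsafe: containsLiveImgHandler(renderResultsUnsafe(query)),
    escaped: containsLiveImgHandler(renderResultsEscaped(query)),
  };
}
```

The defence belongs at the sink, where the markup is built or inserted, not only in the submit handler, since the same search term may be rendered again from history or a URL parameter. A Content-Security-Policy that does not allow 'unsafe-inline' blocks inline handlers such as onerror as a second layer if a sanitizer is bypassed or bypassed by omission on some path.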
