Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CWE-79: Cross-Site Scripting #4249

Open
omordyk opened this issue Feb 6, 2025 · 0 comments
Open

CWE-79: Cross-Site Scripting #4249

omordyk opened this issue Feb 6, 2025 · 0 comments

Comments

@omordyk
Copy link
Contributor

omordyk commented Feb 6, 2025

Cross Site Scripting (XSS) vulnerability occurs when an application either does not perform or it performs incorrect neutralization (sanitization) of input data that is included in a web application response. As the result, an attacker is able to inject and execute arbitrary HTML and script code in a user's browser within the context of the vulnerable website. These attacks are often used to steal authentication credentials (e.g. session IDs in cookies). Depending on the vulnerability and the web application, it is also possible to completely alter the web page itself or control the victim's browser

A sensitive sink function was discovered in line 1167 of the file agreementbot/api.go. It causes a High severity Cross-Site Scripting vulnerability.
omordyk added a commit to omordyk/anax that referenced this issue Feb 6, 2025
@omordyk
Issue open-horizon#4249 - Fix CWE-79: Cross-Site Scripting
7628113 
Signed-off-by: Oleksandr Mordyk <[email protected]>
@omordyk omordyk mentioned this issue Feb 6, 2025
Open
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@omordyk