[security] Cross-site Scripting (XSS) #1784

Open
Dimfacion opened this issue Oct 30, 2024 · 1 comment · Fixed by #2136
Labels: bug (use for describing something not working as expected), security (use to identify issue related to security)
Comments

@Dimfacion
Member

Description

Unsanitized input from the request URL flows into here, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).

openbas-api/src/main/java/io/openbas/rest/executor/ExecutorApi.java:197

@Dimfacion added the bug, needs triage and security labels and removed the needs triage label on Oct 30, 2024
@EllynBsc added this to the Bugs backlog milestone on Oct 30, 2024
@RomuDeuxfois self-assigned this on Dec 31, 2024
@RomuDeuxfois added the solved label on Jan 9, 2025
@RomuDeuxfois reopened this on Jan 15, 2025
@RomuDeuxfois
Member

Need to find a better way for this to be handled on the Snyk side

@RomuDeuxfois removed the solved label on Jan 15, 2025
@RomuDeuxfois removed their assignment on Jan 15, 2025