When a user enters data the input is not filtered. It is possible, for example, to enter "><img src="x:x" onerror="alert('LBVD')"> in the user account First Name field.
This is not a big issue because the backend does filter the data, and the text above is not added to the database. It does however leave a theoretical possibility for reflected cross-site scripting.
Possible Solution
Filter the data that a user enters
Steps to Reproduce
Log in to a Plannen site
Go to My Account
Enter "><img src="x:x" onerror="alert('LBVD')"> as your first name
Click Opslaan
Reload the page and see an alert.
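The payload above starts with `">`, which is what lets it break out of an attribute such as `value="..."` on the My Account form. The following is an added example, not code from the Plannen project (whose templating is not shown here), contrasting that unsafe reflection with output encoding; the `<input>` markup and function names are assumptions.

```javascript
// Added example (not from the Plannen project): rendering the "First Name"
// field back into the My Account page, unsafe vs. hardened.

// Constructed input, identical to the payload quoted in the issue.
const PAYLOAD = '"><img src="x:x" onerror="alert(\'LBVD\')">';

// Encode the five characters that matter in HTML text and attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: the reflected value is concatenated straight into markup.
// The leading `">` closes the value attribute and the <input> tag, so the <img>
// that follows is parsed as a real element and its onerror handler runs.
function renderFirstNameUnsafe(firstName) {
  return `<input name="first_name" value="${firstName}">`;
}

// Hardened pattern: encode on output, so the value stays inside the attribute
// regardless of what the backend did or did not filter on the way in.
function renderFirstNameSafe(firstName) {
  return `<input name="first_name" value="${escapeHtml(firstName)}">`;
}

// Detection helper for the check below: an <img> element appearing where only
// a single <input> was expected means the value escaped its attribute.
function containsInjectedTag(html) {
  return /<img\b/i.test(html);
}

console.log(renderFirstNameUnsafe(PAYLOAD));
console.log(renderFirstNameSafe(PAYLOAD));
```

Output encoding at the point of reflection is the fix that holds even when input filtering is bypassed or skipped; filtering on input, as the issue suggests, is a useful second layer.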