Code Monkey home page Code Monkey logo

Comments (7)

daviddarnes avatar daviddarnes commented on June 11, 2024 6

"after you login", how can this be a vulnerability when you need to be logged in? Surely if you're logged in you're already vulnerable? πŸ€”

from anchor-cms.

daviddarnes avatar daviddarnes commented on June 11, 2024 1

Well if you think it's an issue you're welcome to contribute with a fix ✨

from anchor-cms.

TheBrenny avatar TheBrenny commented on June 11, 2024 1

Further, it was confirmed that no user could insert unescaped chars in #1102. Closing this unless there's a genuine vulnerability. If comments are sanitized, then it's not possible for someone to steal cookies?

from anchor-cms.

TGRBirdFlying avatar TGRBirdFlying commented on June 11, 2024

"after you login", how can this be a vulnerability when you need to be logged in? Surely if you're logged in you're already vulnerable?

This is a vulnerability in itself. I can insert a link of rebound cookie. which will be triggerd when the administrator or others . so that I can log in directly with the cookie.without the account password.

from anchor-cms.

TheBrenny avatar TheBrenny commented on June 11, 2024

This is a vulnerability in itself. I can insert a link of rebound cookie. which will be triggerd when the administrator or others [do what?]. so that I can log in directly with the cookie.without the account password.

So wouldn't the vulnerability be with the cookies? I'm no expert though. πŸ€·β€β™‚οΈ Nevermind, I was silly on this one. But still,

from anchor-cms.

Gerrit0 avatar Gerrit0 commented on June 11, 2024

Duplicate of #1298?

Anchor explicitly allows admins to use raw HTML in their pages. If a user was able to make a comment with XXS, then yes this would be a problem.

from anchor-cms.

daviddarnes avatar daviddarnes commented on June 11, 2024

Feel like this should be closed since, as @Gerrit0 has pointed out, it’s already been addressed in #1298. Anchor intentionally allows markup when entering content, it’s down to the user to take care when entering content

from anchor-cms.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.