Online Ranking Platform for Sailing Events for Canadian Intercollegiate Sailing Association (CICSA)
This is an online regatta scoring/ranking platform for Canadian Intercollegiate Sailing Association (CICSA). Link to the ranking platform: http://scores.cicsailing.ca.
The staging branch is automatically deployed to staging on Heroku following every commit
The production branch is automatically deployed to production on Heroku following every commit
![dependabot-preview[bot] avatar](https://avatars.githubusercontent.com/in/2141?v=4 "dependabot-preview[bot]")
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "mend-bolt-for-github[bot]")
Some overlooked errors in editing/deleting after refactoring.
Vulnerable Library - bootstrap-4.1.1.jsThe most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.1/js/bootstrap.js
Path to vulnerable library: /CICSA-Ranking-Platform/static/vendor/bootstrap/js/bootstrap.js
Dependency Hierarchy:
Vulnerability Details
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
Publish Date: 2018-07-13
URL: CVE-2018-14042
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14042
Release Date: 2018-07-13
Fix Resolution: 4.1.2
Step up your Open Source Security Game with WhiteSource here
Config is not implemented (custom)
Event class in event model is not implemented (custom)
School Teams is not implemented (custom)
Vulnerable Library - bootstrap-4.1.1.jsThe most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.1/js/bootstrap.js
Path to vulnerable library: /CICSA-Ranking-Platform/static/vendor/bootstrap/js/bootstrap.js
Dependency Hierarchy:
Vulnerability Details
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
Publish Date: 2018-07-13
URL: CVE-2018-14040
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14040
Release Date: 2018-07-13
Fix Resolution: 4.1.2
Step up your Open Source Security Game with WhiteSource here
and extra team data. Going to build a dynamic event editing feature inside event management.
Vulnerable Library - bootstrap-4.1.1.jsThe most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.1/js/bootstrap.js
Path to vulnerable library: /CICSA-Ranking-Platform/static/vendor/bootstrap/js/bootstrap.js
Dependency Hierarchy:
Vulnerability Details
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
Publish Date: 2018-07-13
URL: CVE-2018-14041
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Change files
Origin: twbs/bootstrap@3229efc
Release Date: 2018-05-30
Fix Resolution: Replace or update the following file: scrollspy.js
Step up your Open Source Security Game with WhiteSource here
School Info on the top
School participated event on the bottom partitioned by season and show its ranking for each of the race
(UI: similar to the specific regatta page)
Note: New Client Page API and template
Export all data as csv/pdf upon season completion? Also have to deal with season management.
Vulnerable Libraries - jquery-3.3.1.min.js, jquery-3.3.1.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
Path to dependency file: /CICSA-Ranking-Platform/template/client/news/post.html
Path to vulnerable library: /CICSA-Ranking-Platform/template/client/news/post.html,/CICSA-Ranking-Platform/static/vendor/jquery/jquery.min.js
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.js
Path to vulnerable library: /CICSA-Ranking-Platform/static/vendor/jquery/jquery.js
Dependency Hierarchy:
Vulnerability Details
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: 3.4.0
Step up your Open Source Security Game with WhiteSource here
Setup script uses os env variables but they might not be exported for local setup as env variables are being read/exported in build.sh
show a different colour hamburger menu button when collapsed
show a small arrow indicator on the bottom of the sidebar when non-collapsed to collapse the sidebar
CSRF
broken merge from data abstraction
Currently throwing error
Reason: authentication directory inside the module directory is actually specifically targeted to the module management_data. We will have the new permission class in module takes care of the general authentication/ module access permission.
AuthenticationAdmin (for API) and AuthenticationAdmin (for panel) .___. Fix all of these names please
Access of each module should be managed by a central permission system.
If end is not specified, let the range be (start, NULL), which indicates the range is unbounded until it reaches the end of the query in the database. Similarly, for the start function, it is already implemented but it can use the generalization provided by the function above when it is done.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
