Open Closed

HTML Injections #2338


0
ibrahim.onat created
  • ABP Framework version: v4.4.3
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:

There is an HTML injection vulnerability on some of the pages.


2 Answer(s)
  • 0
    alper created
    Support Team Director

    Thanks, we will take care of it. Internal issue #8758

  • 1
    Mehmet created

    Hi,

    For some technical reasons, we have used innerHtml for the columns of the extensible table component. No vulnerability in this case. You cannot inject any script. Angular sanitizes it by default.

    Thanks!

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11