فتح مغلق

HTML Injections #2338

User avatar
0
ibrahim.onat خلقت
  • ABP Framework version: v4.4.3
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

There is html injection vulnarability on some of the pages

انتقل إلى الإجابة المقبولة
2 إجابة (إجابات)
  • User Avatar
    0
    alper خلقت
    فريق الدعم Director

    thanks, we will take care of it. internal issue #8758

  • User Avatar
    1
    Mehmet خلقت

    Hi,

    For some technical reasons, we have used innerHtml for the columns of the extensible table component. No vulnerability in this case. You cannot inject any script. Angular sanitizes it by default.

    Thanks!

الوكيل
User avatar Mehmet
ملصقات
ليس بعد
Made with ❤️ on ABP v8.2.0-preview Updated on مارس 25, 2024, 15:11