Activities of "zulfazlibakri"

Yes, I set it manually. But this issue is still harmful if attackers attack the local machine and change this cookie manually to put in some script. I hope ABP can take this issue seriously because it will affect our current development in terms of security if this issue is not solved. Tq

  • ABP Framework version: v5.3.1
  • UI type: Angular
  • DB provider: EF Core
  • Exception message and stack trace: Cross-site scripting works by manipulating a vulnerable web site so that it returns malicious JavaScript to users. When the malicious code executes inside a victim's browser, the attacker can fully compromise their interaction with the application.
  • Steps to reproduce the issue: We identified that a cookie named “_tenant” was infected with an XSS attack. Please sanitize this to block all executable payloads in the cookie. It affected HttpApi.Host and IdentityServer.

Preventing cross-site scripting is trivial in some cases but can be much harder depending on the complexity of the application and the ways it handles user-controllable data.

Question

Hi, I just upgraded to ABP v5.3.0 and implemented the Minio Blob service. Based on this documentation (https://docs.abp.io/en/abp/latest/Blob-Storing-Minio), I implemented it on ABP v5.2.0 and got no issue. Here I provide a screenshot of the error that occurred.

Attachment:

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.

If you're creating a bug/problem report, please include the following:

  • ABP Framework version: v5.3.0
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11