Abrir Fechadas

HTML Injections #2338

User avatar
0
ibrahim.onat criada
  • ABP Framework version: v4.4.3
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

There is html injection vulnarability on some of the pages

Vá para a resposta aceita
2 resposta (s)
  • User Avatar
    0
    alper criada
    Equipe de Apoio Director

    thanks, we will take care of it. internal issue #8758

  • User Avatar
    1
    Mehmet criada

    Hi,

    For some technical reasons, we have used innerHtml for the columns of the extensible table component. No vulnerability in this case. You cannot inject any script. Angular sanitizes it by default.

    Thanks!

Cessionário
User avatar Mehmet
Etiquetas
Ainda não
Made with ❤️ on ABP v8.2.0-preview Updated on março 25, 2024, 15:11