Skip to content

Potential XSS flaw  #59

New issue
New issue
Open
Open
Potential XSS flaw #59
@wiredin

Description

@wiredin
wiredin
opened on Jun 5, 2017

In middleware.rb, a request parameter is passed directly to the response body without being escaped.
id = request.params['id']

the parameter should be wrapped in html_escape to prevent possible XSS
id = html_escape(request.params['id'])

Please see this example URI as proof:
simple_captcha/?id=%22)%3B%20%3Cscript%20type=%27text/javascript%27%3Ealert(%27xss%27](url))%3B%3C/script%3E%20%23(%22

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions