XSS Vulnerability? At least I was told so

Report bugs found in Poker Mavens
Post Reply
mantux5
Posts: 70
Joined: Fri Apr 03, 2015 1:33 pm

XSS Vulnerability? At least I was told so

Post by mantux5 »

If you type something like <script>alert(1)</script> into the Player Search box, the alert pops-up. I do not know, if this is a possible XSS Vulnerability or not, eitherway, I think this should be solved somehow.
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: XSS Vulnerability? At least I was told so

Post by Kent Briggs »

mantux5 wrote:If you type something like <script>alert(1)</script> into the Player Search box, the alert pops-up. I do not know, if this is a possible XSS Vulnerability or not, eitherway, I think this should be solved somehow.
I've filtered all the relevant inputs for XSS. The only thing you could do with that player search box is XSS yourself since it's only displayed to yourself and not linkable from elsewhere.
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: XSS Vulnerability? At least I was told so

Post by Kent Briggs »

This is now fixed in 4.40
Post Reply