PLEASE FIX: Security vulnerability - code injection #464
Comments
Hi
I have fixed this in my fork, but the change will require jQuery 1.8+, so I'm not ready to make a pull request. Will need to update the code again with a function equivalent to jQuery.parseHTML or strip <script /> tags.
Can you give us your fix here so that we may use jQuery 1.8 or higher with it?
Sure, I'd be happy to share my changes. Besides having the changes committed to my branch, are you suggesting another way for me to give you my fix?
Going to close this issue; will request a pull request once I have changes that will work with earlier versions of jQuery.
Bug Bounty: We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/ We will submit a pull request directly to your repository with the fix as soon as possible. Want to learn more? Go to https://github.com/418sec/huntr 📚 Automatically generated by @huntr-helper...
🛠️ A fix has been provided for this issue. Please reference: 418sec#1 🔥 This fix has been provided through the https://huntr.dev/ bug bounty platform.
There are security vulnerabilities making the code susceptible to code injection and/or XSS, and they begin at: data = xml ? xhr.responseXML : xhr.responseText.
The data stored in the variable 'data' is eventually passed to a function that calls either "replaceWith" or "html". Given that the response is something like <script src="badScript.js"></script>, invoking "html" will execute the script in the browser. If invoking "html", then the response should be HTML encoded or the data should be sanitized.
Thanks,
Vy
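The pattern reported in this issue beside a hardened version, as an added example that is not the project's own code. It assumes jQuery 1.8 or later (for jQuery.parseHTML) and a browser DOM; the function names and the isHtmlResponse helper are hypothetical.

```javascript
// VULNERABLE (the pattern described in the issue): whatever the server
// returned is parsed as markup, so any <script> in the body runs in the page.
function renderUnsafe($target, xhr) {
  var data = xhr.responseText; // e.g. '<script src="badScript.js"></script>'
  $target.html(data);          // script executes here
}

// Pure helper (hypothetical name): only a body the server declared as HTML
// is treated as markup; everything else is shown as plain text. Kept free of
// DOM calls so it can be unit-tested outside a browser.
function isHtmlResponse(contentType) {
  if (!contentType) return false;
  var mime = contentType.split(';')[0].trim().toLowerCase();
  return mime === 'text/html' || mime === 'application/xhtml+xml';
}

// HARDENED: parse with keepScripts=false so <script> elements are dropped
// before insertion, and fall back to .text() (which HTML-encodes) when the
// response is not HTML at all. Note that keepScripts=false removes <script>
// elements only; inline event-handler attributes survive, so markup from an
// origin you do not control still needs a real HTML sanitizer.
function renderSafe($target, xhr) {
  var data = xhr.responseText;
  if (!isHtmlResponse(xhr.getResponseHeader('Content-Type'))) {
    $target.text(data); // rendered as text, never interpreted as markup
    return;
  }
  var nodes = jQuery.parseHTML(data, document, /* keepScripts */ false);
  $target.empty().append(nodes);
}
```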