Skip to content
This repository was archived by the owner on Apr 27, 2021. It is now read-only.
This repository was archived by the owner on Apr 27, 2021. It is now read-only.

webrtc-from-chat potential XSS vulnerability, unfiltered data. #109

Open
Open
webrtc-from-chat potential XSS vulnerability, unfiltered data.#109

Description

@hello-smile6
hello-smile6
opened on Mar 5, 2021

I was able to corrupt the user list for all users using the following script:

setInterval(function() {sendToServer({type:"userlist",users:["Hacked.","By helllo-smile6@github"]});,1);

Additionally, HTML entities can be used in the chat. HTML code is nullified. This may create additional, more secure vulnerabilities.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions