Stored, persistent XSS #8306
Closed
aoprea1982
started this conversation in
Ideas
Replies: 2 comments 2 replies
-
Found it here. Apologies. Security contact information
-
Advisory is out, thanks for reporting through the recommended security channels :) I credited you as reporter!
-
Thank you for your support.
When pentesting my client's activeadmin application,
I found a stored XSS in my context: unfiltered input.
"user-controlled input is directly interpolated into the HTML without any sanitization" in the activeadmin code.
Is it OK to report it to https://tidelift.com/docs/security ? "security@tidelift.com"
Maybe the problem can get a CVE assigned?
activeadmin "activeadmin-2.13.1"
Thank you!