Open Closed

HTML Injections #2338


User avatar
0
ibrahim.onat created
  • ABP Framework version: v4.4.3
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

There is html injection vulnarability on some of the pages


2 Answer(s)
  • User Avatar
    0
    alper created
    Support Team Director

    thanks, we will take care of it. internal issue #8758

  • User Avatar
    1
    Mehmet created

    Hi,

    For some technical reasons, we have used innerHtml for the columns of the extensible table component. No vulnerability in this case. You cannot inject any script. Angular sanitizes it by default.

    Thanks!

Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11