Oscar Arnflo

icon indicating a website link https://www.arnflo.se icon indicating an email [email protected]

Results 1 issues of Oscar Arnflo

[Security] XSS in HelpModal leading to RCE via imported malicious data file

4 comment

The **help text**-modal utilizes the React component attribute `dangerouslySetInnerHTML` when rendering the **Info**, **Abuse Info**, etc. texts. E.g. https://github.com/BloodHoundAD/BloodHound/blob/338e197dc4b7a1ee929c335141172ada5bc80800/src/components/Modals/HelpTexts/GenericAll/GenericAll.jsx#L31-L37 This makes the application vulnerable to XSS unless the input parameters...

bug