Cross-Site Scripting (XSS) vulnerabilities discovered in SiCKRAGE web interface

It was discovered that there are several Cross-Site Scripting (XSS) vulnerabilities in the SiCKRAGE application web interface. These vulnerabilities allow the execution of JavaScript code to do such things as display cookies or other sensitive data stored in the browser related to the SiCKRAGE application.

This only affects certain parts of the web interface once logged in, and would only provide access to data stored in the browser specifically for SiCKRAGE application use. SiCKRAGE does not store sensitive data in browser storage; however, we still take these sorts of vulnerabilities seriously!

I’ve taken steps to mitigate these issues. Please be sure you are using v10.0.11.dev2 or newer for the develop branch or v10.0.11 or newer for the master branch.

Also, if anyone comes across more issues like this, please feel free to notify me through [email protected] so I can take steps to resolve them.

Thanks and stay safe!
