Reflected XSS in rtxteam/rtx
Apr 29th 2022
i found a reflected xss in
Proof of Concept
Steal User Cookie or redirect to malicious sites
Thank you, I am filing a bug report about this with our team.
Thank you for the fast response highly appreciated.
Hi OxRaw, my team reports that they have figured out how to fix the issue and they are testing it out. Thank you for your patience. We will advise when the fix is committed to GitHub and deployed into production. We have opted not to track this in our public issue repository (but rather are tracking it in our private Slack workspace) since it is a security vulnerability in a public-facing system. Thanks again for reporting this to us. We will be in touch with an update within the next week.
Hello thanks for the quick fix, Can i have a CVE for this finding ?
Kind Regrads, Rawi.
Hi OxRaw, sure, can you please tell me how I can provide you the CVE? I am not so experienced with using the huntr.dev site. Thanks.
Hey, I'm not that expert too but from what i saw in previous reports that the user should request the CVE and the maintainer should reply with a yes or no based on the maintainer answer the CVE will be issued or not. btw, I sent this report to an admin he will provide the CVE , since you agreed.
Kind Regards, Rawi.
Thank you Jamie.