We've joined Protect AIJoin us over there for bounties up to $50,000+ for vulnerabilities in AI/ML repos

Cross-site Scripting (XSS) - Stored in circuitverse/circuitverse

Valid

Reported on

Aug 12th 2021

✍️ Description

CircuitVerse is a free, open-source platform which allows users to construct digital logic circuits online this app is vulnerable for XSS thru creating projects

🕵️‍♂️ Proof of Concept

poc

💥 Impact

This vulnerability is capable Steeling cookies of users 📍 Location projects_controller.rb#L5

Abdul muhaimin modified the report
2 years ago
Aboobacker MK validated this vulnerability 2 years ago
Abdul muhaimin has been awarded the disclosure bounty
The fix bounty is now up for grabs
Aboobacker MK marked this as fixed with commit c0fdbb 2 years ago
Aboobacker MK has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation