epicosy (3)
Last Login: June 26, 2024
Assessments: 1
Score: 3
epicosy's Latest (1) Contributions
2
Technical Analysis
URL entered through Draft.js entity data (props.contentState.getEntity(props.entityKey).getData()) in querybook/webapp/lib/richtext/index.tsx (line 13) misses validation of the URL schema using a safelist ('http:', 'https:'), resulting in client-side XSS at <Link to={url} newTab> (line 15), enabling ACE when exploited.
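
The safelist check the analysis above says is missing, as an added example (it is not Querybook's code and not the contributor's). The function names and the `url` key on the entity data are assumptions; the samples are constructed.

```javascript
// Added example: scheme safelist for a link URL taken from rich-text entity data.
// Hypothetical names; only 'http:' and 'https:' come from the analysis above.
const SAFE_PROTOCOLS = new Set(['http:', 'https:']);

// Returns a normalized href when `raw` is an absolute URL whose scheme is on
// the safelist, otherwise null.
function safeLinkUrl(raw) {
  if (typeof raw !== 'string') return null;
  let parsed;
  try {
    // The WHATWG URL parser lowercases the scheme, trims leading/trailing
    // control characters and spaces, and drops embedded tabs/newlines, so the
    // comparison below sees the same scheme the browser would act on.
    parsed = new URL(raw);
  } catch {
    return null; // relative or malformed input: rejected (design assumption)
  }
  return SAFE_PROTOCOLS.has(parsed.protocol) ? parsed.href : null;
}

// Decide what a link decorator should render for the entity data it receives.
// Assumes the URL is stored under a `url` key.
function linkPropsFromEntityData(data) {
  const url = safeLinkUrl(data && data.url);
  return url === null ? { render: 'text' } : { render: 'link', to: url };
}

// Constructed samples: accepted and rejected inputs side by side.
const SAMPLES = [
  'https://example.com/docs?q=1',
  'HTTP://Example.com',
  'javascript:void(0)',
  ' \tJaVaScRiPt:void(0)',
  'java\nscript:void(0)',
  'data:text/html,hi',
  '/relative/path',
];

function auditSamples() {
  return SAMPLES.map((s) => [JSON.stringify(s), safeLinkUrl(s)]);
}

for (const [input, result] of auditSamples()) {
  console.log(input.padEnd(34), '->', result === null ? 'rejected' : result);
}
```

Comparing the parsed protocol rather than testing the raw string with a prefix match is what makes the mixed-case and embedded-whitespace samples get rejected.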