This repository was archived by the owner on Apr 22, 2019. It is now read-only.

XSS Vulnerability in Address Validation #74

Closed
rsisco opened this issue Jul 27, 2017 · 1 comment

rsisco commented Jul 27, 2017

Steps to reproduce:

  • Log into an existing account on a site with AvaTax address validation enabled
  • Click Address Book > Add New Address
  • Complete the address form with the following value in one of the address fields:
    "><script>alert('XSS')</script>
  • Click Save Address

Expected result:
Either the address will be saved or a modal will display suggesting an alternative address or reporting that the address couldn't be verified:
image

Actual result:
The injected script is executed, resulting in a pop-up window:
image

@rsisco rsisco self-assigned this Jul 27, 2017
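
The report does not show the extension's template code, so the following is an added example (not the extension's code and not the change made in PR #75). It uses a hypothetical renderer to show why the value from the reproduction steps closes an attribute and starts a new element, and how escaping at output keeps it as text. All function and field names are assumptions.

```javascript
// Added example. Hypothetical names throughout; not the AvaTax extension's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can end an attribute value or start a tag.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: field values are concatenated into markup unchanged.
function renderAddressUnsafe(address) {
  return Object.entries(address)
    .map(([name, value]) =>
      `<input type="hidden" name="${name}" value="${value}"><span>${value}</span>`)
    .join('\n');
}

// Hardened pattern: every dynamic value is escaped at the point of output.
function renderAddressSafe(address) {
  return Object.entries(address)
    .map(([name, value]) =>
      `<input type="hidden" name="${escapeHtml(name)}" value="${escapeHtml(value)}">` +
      `<span>${escapeHtml(value)}</span>`)
    .join('\n');
}

// Test helper only (not a sanitizer): list element names the template did not emit.
function unexpectedTags(html, allowed = ['input', 'span']) {
  return [...html.matchAll(/<\s*([a-zA-Z][\w-]*)/g)]
    .map((m) => m[1].toLowerCase())
    .filter((tag) => !allowed.includes(tag));
}

// Constructed sample address; the street value is the one from the report.
const sampleAddress = {
  street: `"><script>alert('XSS')</script>`,
  city: 'Seattle',
  postcode: '98101',
};

console.log('unsafe:', unexpectedTags(renderAddressUnsafe(sampleAddress)));
console.log('safe:  ', unexpectedTags(renderAddressSafe(sampleAddress)));
```

The escaping shown covers HTML text and quoted attribute contexts only; values placed into inline JavaScript or JSON need an encoder for that context instead.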

rsisco commented Jul 28, 2017

This has been fixed in version 1.1.3 of this extension via PR #75.

@rsisco rsisco closed this as completed Jul 28, 2017