[GH-ISSUE #772] Private Disclosure #488

Closed
opened 2026-03-01 14:44:04 +03:00 by kerem · 3 comments
Owner

Originally created by @omriinbar on GitHub (Jun 22, 2021).
Original GitHub issue: https://github.com/ArchiveBox/ArchiveBox/issues/772

Hello, do you have an email for private disclosure?

Originally created by @omriinbar on GitHub (Jun 22, 2021). Original GitHub issue: https://github.com/ArchiveBox/ArchiveBox/issues/772 Hello, do you have an email for private disclosure?
kerem closed this issue 2026-03-01 14:44:04 +03:00
Author
Owner

@pirate commented on GitHub (Jun 22, 2021):

https://sweeting.me/#contact watch the canvas background after ~3sec

What's the category of the vuln? XSS/RCE/etc.?

<!-- gh-comment-id:866013164 --> @pirate commented on GitHub (Jun 22, 2021): https://sweeting.me/#contact watch the canvas background after ~3sec What's the category of the vuln? XSS/RCE/etc.?
Author
Owner

@omriinbar commented on GitHub (Jun 24, 2021):

XSS leading to admin account creation

<!-- gh-comment-id:867542382 --> @omriinbar commented on GitHub (Jun 24, 2021): XSS leading to admin account creation
Author
Owner

@pirate commented on GitHub (Jun 24, 2021):

Ok, that's already a known vuln with fix work in progress, see here: #239

https://github.com/ArchiveBox/ArchiveBox#security-risks-of-viewing-archived-js

<!-- gh-comment-id:867731142 --> @pirate commented on GitHub (Jun 24, 2021): Ok, that's already a known vuln with fix work in progress, see here: #239 https://github.com/ArchiveBox/ArchiveBox#security-risks-of-viewing-archived-js
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/ArchiveBox#488
No description provided.