CSS Injection in Message Avatar vulnerability
Posted: Mon Oct 28, 2024 6:39 am
Custom message avatars can contain inline CSS that influences the resulting HTML element rendering.
The Meteor.method sendMessage allows setting custom avatars. When escaping the input with "none);", further CSS is applied to the element's inline styles. The injected CSS may not contain certain characters, including whitespace.
https://hackerone.com/reports/1031613