No filtration of null characters in name field
Vulnerability Details
Hello,
## Description:
The account settings page, https://demo.weblate.org/accounts/profile/#account, allows a user to set their username as a null character! A user intercepts the request using a proxy and changes the user name field to %00.
## Mitigation:
I recommend you have filtering of null characters on your account settings page.
Thanks!
Report Stats
- Report ID: 242945
- State: Closed
- Substate: resolved
- Upvotes: 4
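
One way to apply the filtering recommended in the report on the server side, as an added example that is not part of the original report or Weblate's own code. It goes beyond the single `%00` case by refusing every control character; the form field name `username`, the 150-character limit and the function names are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import parse_qs


class InvalidUsername(ValueError):
    """Raised when a submitted username must be refused."""


def clean_username(raw: str, max_length: int = 150) -> str:
    """Return the username if acceptable, otherwise raise InvalidUsername."""
    # Refuse rather than strip: silently removing characters can turn two
    # different submissions into the same stored name.
    for position, char in enumerate(raw):
        if unicodedata.category(char) == "Cc":  # control chars, U+0000 included
            raise InvalidUsername(
                f"control character U+{ord(char):04X} at index {position}"
            )
    name = raw.strip()
    if not name:
        raise InvalidUsername("username is empty")
    if len(name) > max_length:  # assumed limit, not taken from the report
        raise InvalidUsername("username is too long")
    return name


def username_from_body(body: str, field: str = "username") -> str:
    """Extract and validate the username from a form-encoded request body."""
    # parse_qs percent-decodes, so "%00" arrives here as "\x00". The check
    # runs on the decoded value, whatever the browser form allowed.
    values = parse_qs(body, keep_blank_values=True).get(field, [])
    if len(values) != 1:
        raise InvalidUsername(f"expected exactly one {field!r} value")
    return clean_username(values[0])


if __name__ == "__main__":
    # Constructed request bodies; the second mirrors the edited request.
    for body in ("username=alice", "username=%00", "username=ali%00ce"):
        try:
            print(repr(body), "->", repr(username_from_body(body)))
        except InvalidUsername as exc:
            print(repr(body), "-> rejected:", exc)
```

Because the value is changed in transit by a proxy, client-side form validation never sees it; the check has to sit where the request is parsed.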