Code Injection in collectiveaccess/providence


Reported on

Sep 25th 2021

# Description
Client-side injection.

# Proof of Concept

open the

Click on the search input; the code in the search bar: `<a href =>clickme</a>`

# Impact
This vulnerability injects malicious code into the application.
We have contacted a member of the collectiveaccess/providence team and are waiting to hear back 2 years ago
CollectiveAccess marked this as fixed with commit aaf573 2 years ago
CollectiveAccess has been awarded the fix bounty
This vulnerability will not receive a CVE
2 years ago


thanks sir
