As reported by @MMrhassel
Hey, I've found that the Item description is reflected without sanitization in app/items_view.php, which can allow a malicious user to take over the admin account through a payload that extracts the CSRF token and sends a request to change the password.
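One way to close the hole described in the report is to HTML-encode the description at the point where it is written into the page. This is an added example, not code from the project: the function names, the wrapper markup and the sample descriptions are assumptions, since the report does not show the contents of app/items_view.php.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for the view code; the real app/items_view.php is not shown in the report.
const WRAP_OPEN  = '<div class="item-description">';
const WRAP_CLOSE = '</div>';

// "Before": the stored description is emitted as-is, so any markup in it is parsed by the browser.
function render_description_unsafe(string $description): string
{
    return WRAP_OPEN . $description . WRAP_CLOSE;
}

// "After": encode for the HTML context at output time, then restore line breaks.
function render_description(string $description): string
{
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE keeps invalid UTF-8 from blanking the field.
    $encoded = htmlspecialchars($description, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    // nl2br() runs after encoding, so the only markup in the result is the <br> it adds.
    return WRAP_OPEN . nl2br($encoded, false) . WRAP_CLOSE;
}

// True if anything other than our own wrapper and <br> tags could still be parsed as markup.
function has_raw_markup(string $html): bool
{
    $inner = substr($html, strlen(WRAP_OPEN), -strlen(WRAP_CLOSE));
    $inner = str_replace('<br>', '', $inner);
    return strpbrk($inner, '<>"\'') !== false;
}

// Constructed sample descriptions (not taken from the report).
$samples = [
    'plain text'      => "Blue widget,\n10 cm wide",
    'script element'  => '<script>alert(1)</script>',
    'event handler'   => '<img src=x onerror=alert(1)>',
    'attribute break' => '"><svg onload=alert(1)>',
    'invalid UTF-8'   => "bad byte \xC3 here",
];

foreach ($samples as $label => $description) {
    $before = has_raw_markup(render_description_unsafe($description)) ? 'raw markup' : 'clean';
    $after  = has_raw_markup(render_description($description)) ? 'raw markup' : 'clean';
    printf("%-16s before: %-10s after: %s\n", $label, $before, $after);
}
```

The same loop works as a regression test for the view once the fix is in place: every row must report "clean" in the "after" column.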