Stored XSS via Chat History Upload
A Stored XSS vulnerability was found in version 20240410 of the software, allowing attackers to inject malicious scripts into chat history files. This issue has not yet been patched.
Available publicly on Jul 11 2024
Remediation Steps
- Validate and sanitize all user inputs, including uploaded files, to ensure they do not contain executable scripts.
- Implement Content Security Policy (CSP) headers to restrict the execution of untrusted scripts.
- Regularly update and patch the application to address known vulnerabilities.
- Educate users about the risks of uploading files from untrusted sources.
Patch Details
- Fixed Version: N/A
- Patch Commit: N/A
Want more out of Sightline?
Sightline offers even more for premium customers
Go Premium
We have - related security advisories that are available with Sightline Premium.