By UwUQueen
21 Feb 2025 15:47
Category: Security

A attacker can send the victim a message and if the victim tries to reply to it the attacker's javascript can run automatically apon opening message composer. This allows for an attacker to easily grab cookie and auto reply to their message on behalf of victim with victim's cookie, allowing session hijacking.

Resolved: Yes
Security Highest 0 hr

By @UwUQueen
17 Mar 2025 00:42

Fixed in commit 46f3bf66

By @UwUQueen
14 Mar 2025 22:32

New commit was pushed by me lastnight with a better solution

By @UwUQueen
14 Mar 2025 02:00

Sadly not working. I will try sometimes ng else.

By @HullBreach
13 Mar 2025 01:16

merged and deployed the change

By @UwUQueen
10 Mar 2025 23:08

Should be resolved in e73935e3

By @UwUQueen
10 Mar 2025 20:28

Temporary drafted merge request, will undraft soon. I realised a mistake that could have caused a issue.

By @UwUQueen
10 Mar 2025 10:25

@HullBreach

By @UwUQueen
10 Mar 2025 10:25

Nevermind, my commit is ready to be merged ASAP. I will make a new branch for other changes later.

By @UwUQueen
10 Mar 2025 10:19

However i am aiming to fix a bunch of these xss on one merge requests, i prefer this be patched ASAP

By @UwUQueen
10 Mar 2025 10:18

This should be resolved in commit 6fac9112 from branch security-1

By @JinxCade
21 Feb 2025 17:59

I'd say this deserves Highest priority since it's more common for people to message, especially after the friend request fix
@HullBreach this should get fixed ASAP

By @UwUQueen
21 Feb 2025 15:48

Is*

By @UwUQueen
21 Feb 2025 15:48

The </textarea> id all that is needed to escape the textbox and start running attackers javascript.

@UwUQueen left a reply.
17 Mar 2025 00:42

@UwUQueen marked this request as resolved.
17 Mar 2025 00:42

@UwUQueen reopened this request.
17 Mar 2025 00:41

@UwUQueen marked this request as resolved.
17 Mar 2025 00:41

@UwUQueen left a reply.
14 Mar 2025 22:32

@UwUQueen left a reply.
14 Mar 2025 02:00

@UwUQueen reopened this request.
14 Mar 2025 02:00

@HullBreach marked this request as resolved.
13 Mar 2025 01:16

@HullBreach left a reply.
13 Mar 2025 01:16

@UwUQueen left a reply.
10 Mar 2025 23:08

@UwUQueen left a reply.
10 Mar 2025 20:28

@UwUQueen left a reply.
10 Mar 2025 10:25

@UwUQueen left a reply.
10 Mar 2025 10:25

@UwUQueen left a reply.
10 Mar 2025 10:19

@UwUQueen left a reply.
10 Mar 2025 10:18

@UwUQueen claimed ownership of this request.
10 Mar 2025 10:04

@JinxCade left a reply.
21 Feb 2025 17:59

@JinxCade changed the priority from Highest.
21 Feb 2025 17:59

@UwUQueen set the priority.
21 Feb 2025 15:54

@UwUQueen left a reply.
21 Feb 2025 15:48

@UwUQueen left a reply.
21 Feb 2025 15:48

@UwUQueen created this request.
21 Feb 2025 15:47