In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Cross-site Scripting (XSS) vulnerabilities in an interactive lesson.
Start learningUpgrade spree_backend
to version 1.0.5, 1.1.3, 1.2.1 or higher.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An attacker can potentially inject html into the admin by registering with a specially crafted email. This could lead to injecting javascript into the admin and stealing the admin's API key and other credentials.