From 9a8f23bc3c775c2f047812cc232a816e8df1974a Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 13 Aug 2024 11:53:40 +0530
Subject: [PATCH 1/5] security: fix stored xss from extracted_results in detail
 scan page

---
 web/startScan/templates/startScan/detail_scan.html | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/web/startScan/templates/startScan/detail_scan.html b/web/startScan/templates/startScan/detail_scan.html
index 48da6d1bc..c7fad04d1 100644
--- a/web/startScan/templates/startScan/detail_scan.html
+++ b/web/startScan/templates/startScan/detail_scan.html
@@ -1745,6 +1745,12 @@ <h4 class="header-title mb-0"><span id="endpoint_change_count"><span class="spin
 						},
 						"targets": 16,
 					},
+					{
+						"render": function ( data, type, row ) {
+							return htmlEncode(data);
+						},
+						"targets": 17,
+					}
 				],
 				"initComplete": function(settings, json) {
 					api = this.api();

From 5d03011991fa3f77aad0dcc96ecc967267ec9a82 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 13 Aug 2024 11:55:32 +0530
Subject: [PATCH 2/5] security: fix stored xss from extracted_result in all
 vulnerability section

---
 web/startScan/templates/startScan/vulnerabilities.html | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/web/startScan/templates/startScan/vulnerabilities.html b/web/startScan/templates/startScan/vulnerabilities.html
index 65c339228..5aba4922c 100644
--- a/web/startScan/templates/startScan/vulnerabilities.html
+++ b/web/startScan/templates/startScan/vulnerabilities.html
@@ -234,6 +234,12 @@
 				},
 				"targets": 16,
 			},
+			{
+				"render": function ( data, type, row ) {
+					return htmlEncode(data);
+				},
+				"targets": 17,
+			}
 		],
 		"initComplete": function(settings, json) {
 			api = this.api();

From ca551f8d909d2909dda9a515b4a8afa10cad773c Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 13 Aug 2024 11:55:59 +0530
Subject: [PATCH 3/5] security: fix stored xss from extracted_result in target
 summary secon

---
 web/targetApp/templates/target/summary.html | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/web/targetApp/templates/target/summary.html b/web/targetApp/templates/target/summary.html
index c30accb84..c8d309585 100644
--- a/web/targetApp/templates/target/summary.html
+++ b/web/targetApp/templates/target/summary.html
@@ -1545,6 +1545,12 @@ <h4 class="header-title mb-0"><span id="technologies-count"><span class="spinner
 				},
 				"targets": 16,
 			},
+			{
+				"render": function ( data, type, row ) {
+					return htmlEncode(data);
+				},
+				"targets": 17,
+			}
 		],
 		"initComplete": function(settings, json) {
 			api = this.api();

From 3d1d8a78c02607eb791167a3a1a4a58da4718dfd Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 13 Aug 2024 12:05:09 +0530
Subject: [PATCH 4/5] update security.md

---
 .github/SECURITY.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/SECURITY.md b/.github/SECURITY.md
index ed2632d15..528379957 100644
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@@ -41,6 +41,7 @@ Thanks to these individuals for reporting Security Issues in reNgine.
 ### 2024
 
 * [HIGH] [Command Injection](https://github.com/yogeshojha/rengine/security/advisories/GHSA-fx7f-f735-vgh4) in Waf Detector, Reported by [n-thumann](https://github.com/n-thumann)
+* [LOW] [Stored XSS](https://github.com/yogeshojha/rengine/security/advisories/GHSA-96q4-fj2m-jqf7) in in Vulnerability Page, Reported by [Touhid M Shaikh](https://github.com/touhidshaikh)
 
 ### 2022
 

From 70b8f2973c63ebfc2faa0de17fd358ffd9c0ffc2 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 13 Aug 2024 12:25:41 +0530
Subject: [PATCH 5/5] bump severity

---
 .github/SECURITY.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/SECURITY.md b/.github/SECURITY.md
index 528379957..155d39282 100644
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@@ -41,7 +41,7 @@ Thanks to these individuals for reporting Security Issues in reNgine.
 ### 2024
 
 * [HIGH] [Command Injection](https://github.com/yogeshojha/rengine/security/advisories/GHSA-fx7f-f735-vgh4) in Waf Detector, Reported by [n-thumann](https://github.com/n-thumann)
-* [LOW] [Stored XSS](https://github.com/yogeshojha/rengine/security/advisories/GHSA-96q4-fj2m-jqf7) in in Vulnerability Page, Reported by [Touhid M Shaikh](https://github.com/touhidshaikh)
+* [MEDIUM] [Stored XSS](https://github.com/yogeshojha/rengine/security/advisories/GHSA-96q4-fj2m-jqf7) in in Vulnerability Page, Reported by [Touhid M Shaikh](https://github.com/touhidshaikh)
 
 ### 2022