Julienh / Sharrre

Make your sharing widget! Sharrre is a jQuery plugin that allows you to create nice sharing widgets for Facebook, Twitter, Google Plus (with PHP script) and more.

Home Page: sharrre.com

Advisory from Netsparker - vulnerability in Sharrre (2.0.1) Social Sharing Plugin

DanielBishtawi opened this issue

Hello,

While testing the Netsparker web application security scanner, we identified a vulnerability in Sharrre (2.0.1).

Can you please advise whom we should contact to disclose the vulnerability details so it can be fixed?

Please email me: daniel (at) netsparker (dot) com

Looking forward to hearing from you.

Regards,

Daniel Bishtawi

We are patching the script ourselves so it sanitizes script tags passed in via the URL. Is that the issue?

Hi @DanielBishtawi. Did you receive any reply?

@makmour We received a reply but the vendor stopped responding.

The technical details can be found here: https://www.netsparker.com/web-applications-advisories/ns-18-041-dom-cross-site-scripting-in-sharrre/

Thanks for your fast reply @DanielBishtawi.