Stored XSS when deleting proxy host

**Steps to reproduce:**

1. Login as administrative user
2. Create a new proxy host entry with the payload `<script>alert('XSS')</script>.google.com` as domain 
3. Hit save
4. Try to delete the newly added proxy host. XSS payload is executed.

![image](https://user-images.githubusercontent.com/21357789/159934202-5dd026dc-1cd2-4f8d-a54a-63754fed4e58.png)

![image](https://user-images.githubusercontent.com/21357789/159934888-1d864ee7-7906-4ea5-83b8-64a2bc4d69cb.png)

![image](https://user-images.githubusercontent.com/21357789/159934534-a6eef6a2-4bd5-4886-830d-0ab90f63298c.png)

**Recommendation:**

Implementing input validation and/or ensuring output sanitization as done for all other inputs/outputs.

**Risk:**

Low risk since high privileges are required.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Stored XSS when deleting proxy host #1950

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Stored XSS when deleting proxy host #1950

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions