It's another day and I have found a security vulnerability on another Hive block explorer!
Dang, I wonder how vulnurable our block explorers are as @gaottantacinque have found the same vulnerabilities in not one, but two different Hive block explorers in the past 3 months.
This is the third one, that is currently owned by one of the top 30 witnesses.
I have stored this harmless attack in a Hive transaction. For those who want to check it out the ID is:
For those who do not know what this is, XSS is a severe security vulnerability present on websites, that allows an attacker to inject malicious code in unsanitized fields that get executed in browsers such as:
- Redirecting users to a phishing site
- Stealing credentials stored in the website
- Keylogging everything entered within the site
The maintainer has been notified about this vulnerability and will update here once it is fixed.
UPDATE: This issue has been fixed timely. The block explorer in question was hivekings.com, so for those who are using it please perform a hard refresh by doing a Ctrl+Shift+R (or ⌘+Shift+R on macOS), or clear your browser cache.
You may verify the fix here: https://hivekings.com/explorer/?tx=7cdcfc37aa0ecac7e62b16ee8b31242f5ad0fe18 (notice that the code no longer executes).