
[FIXED] XSS vulnerability found in hivekings.com block explorer


techcoderx · 444.24 · 5 years ago · PeakD · 2 min read


It's another day and I have found a security vulnerability on another Hive block explorer!

Dang, I wonder how vulnerable our block explorers are, as @gaottantacinque has found the same vulnerabilities in not one, but two different Hive block explorers in the past 3 months.

This is the third one, which is currently owned by one of the top 30 witnesses.

I have stored this harmless attack in a Hive transaction. For those who want to check it out, the ID is:

7cdcfc37aa0ecac7e62b16ee8b31242f5ad0fe18

For those who do not know what this is, XSS (cross-site scripting) is a severe security vulnerability in websites that allows an attacker to inject malicious code into unsanitized fields. That code then gets executed in visitors' browsers, where it can do things such as:

  • Redirecting users to a phishing site
  • Stealing credentials stored in the website
  • Keylogging everything entered within the site
  • Cryptojacking
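
As an added example (not code from this post or from hivekings.com), the sketch below shows the defensive side of the problem: a block explorer rendering chain-supplied fields as escaped text instead of concatenating them into markup. The sample operation, its field names and the function names are constructed for illustration.

```javascript
// Escape the five characters that let text break out of HTML text or a quoted attribute.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render any JSON value from a transaction as HTML. Keys and leaf values are
// both chain-supplied, so both are escaped; the only raw markup is our own tags.
function renderValue(value, depth = 0) {
  if (depth > 16) return "<em>(nesting too deep)</em>"; // bound recursion on hostile input
  if (value === null || typeof value !== "object") {
    return `<span class="val">${escapeHtml(value)}</span>`;
  }
  const entries = Array.isArray(value) ? value.map((v, i) => [i, v]) : Object.entries(value);
  const rows = entries.map(
    ([k, v]) => `<li><span class="key">${escapeHtml(k)}</span>: ${renderValue(v, depth + 1)}</li>`
  );
  return `<ul>${rows.join("")}</ul>`;
}

// Vulnerable pattern, for comparison: on-chain text concatenated straight into markup.
function renderMemoUnsafe(op) {
  return `<td class="memo">${op.memo}</td>`;
}

// Constructed sample operation (hypothetical; not the transaction referenced in the post).
const sampleOp = {
  type: "transfer",
  from: "alice",
  to: "bob",
  amount: "0.001 HIVE",
  memo: '<img src=x onerror="alert(1)">',
  json: { '"><b>key</b>': ["a & b"] },
};

// Returns both renderings so the difference can be inspected side by side.
function demo() {
  return { unsafe: renderMemoUnsafe(sampleOp), safe: renderValue(sampleOp) };
}
```

In a browser, assigning untrusted strings through `textContent` rather than `innerHTML` achieves the same result without manual escaping.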

The maintainer has been notified about this vulnerability, and I will update here once it is fixed.


UPDATE: This issue has been fixed in a timely manner. The block explorer in question was hivekings.com, so for those who are using it, please perform a hard refresh with Ctrl+Shift+R (or ⌘+Shift+R on macOS), or clear your browser cache.

You may verify the fix here:

(notice that the code no longer executes).
