From ab483baaef96b61f5238e5bc18824d4f7cfd6105 Mon Sep 17 00:00:00 2001 From: kkthxbye <400797+kkthxbye-code@users.noreply.github.com> Date: Tue, 7 May 2019 08:21:18 +0200 Subject: [PATCH] Update README.md --- panorama_mitm_xss/README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/panorama_mitm_xss/README.md b/panorama_mitm_xss/README.md index f72bfe5..ad084ce 100644 --- a/panorama_mitm_xss/README.md +++ b/panorama_mitm_xss/README.md @@ -1,4 +1,12 @@ ## MITM and XSS exploit in Counter-Strike: Global Offensive + +### Fixed on 07-05-2019 +*https://github.com/SteamDatabase/GameTracking-CSGO/commit/2174089a01d9289fa62e098d142ac77f49667408* + +*They fixed it by changing the URL to https and not eval'ing unsafe input. Still plenty of entrypoints.* + +--- + CS:GO uses the source 2 component Panorama for its UI. It's very much like Electron, in that it is a HTML renderer with a JS API. Valve made some mistakes while implementing this, allowing MITM that leads to XSS. This allows you to run JS code in the game, without hooking the process (the code.pbin file is verified, so modification is not possible). This can be used to make custom UI's, set cheat protected CVARS or just play with the internal API.
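Review bot: The added heading "### Fixed on 07-05-2019" uses an ambiguous day/month order; the commit date (Tue, 7 May 2019) shows it means DD-MM-YYYY, so writing it as 2019-05-07 removes the guesswork. The unchanged paragraph after the new `---` still describes the issue in the present tense ("allowing MITM that leads to XSS", "This allows you to run JS code in the game"), which now reads as contradicting the fix note directly above it; scope that paragraph to builds before the linked GameTracking-CSGO commit. The added sentence "Still plenty of entrypoints." is too vague for a reader to act on, so either state which class of entry point is meant or drop it. Two smaller style points: the commit link is wrapped in `*...*`, which some Markdown renderers will not autolink cleanly, so an angle-bracket autolink or a named link is safer; and the subject "Update README.md" does not say that the change records the upstream fix (URL switched to https, unsafe input no longer eval'ed), which is the information someone reading the history will look for.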