[Crash] Unchecked msg.url access in feedback handler

## Summary
Services server crashes when `msg.url` is undefined in feedback handler.

## Affected Code
`server-services/start-services.js:577`

```javascript
avatar_url: msg.url + 'favicon.ico', // CRASH if msg.url is undefined
```

## Vulnerability
If client sends `{"cmd":"feedback"}` without `url` field.

## Impact
- Services server crash on feedback
- Denial of service

## Proof of Concept
```json
{"cmd":"feedback","email":"test@test.com","comments":"test"}
```

## Recommended Fix
```javascript
avatar_url: (msg.url || '') + 'favicon.ico',
embeds: [{ description: \`> from ${msg.email || 'unknown'}\\n\\n${msg.comments || ''}\` }]
```

## References
- PR: https://github.com/onlypuppy7/LegacyShell/pull/43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Crash] Unchecked msg.url access in feedback handler #66

Summary

Affected Code

Vulnerability

Impact

Proof of Concept

Recommended Fix

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

[Crash] Unchecked msg.url access in feedback handler #66

Description

Summary

Affected Code

Vulnerability

Impact

Proof of Concept

Recommended Fix

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions