Skip to content
This repository has been archived by the owner on Apr 26, 2022. It is now read-only.

XSS in HTML-5-WYSIWYG-Editor #5

Open
soaj1664 opened this issue Apr 13, 2014 · 0 comments
Open

XSS in HTML-5-WYSIWYG-Editor #5

soaj1664 opened this issue Apr 13, 2014 · 0 comments

Comments

@soaj1664
Copy link

Hi,

The editor is vulnerable to an XSS. The editor allows users to insert link and if instead of normal link, I input JavaScript URI

javascript:alert%28location%29

then it works. The attacker can execute arbitrary code of his choice. Please fix this issue. Thanks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@soaj1664