Code block language search XSS

[claunch3r]

Self-XSS in the language selection field for the code block

Is there an existing issue for this?

• I have searched the existing issues

Can the issue be reproduced with the default theme (daylight/midnight)?

• I was able to reproduce the issue with the default theme

Could the issue be due to extensions?

• I've ruled out the possibility that the extension is causing the problem.

Describe the problem

Hello, I found Self-XSS in the language selection field for the code block.
Payload: <img/src/onerror=prompt("XSS")>

Steps to reproduce vulnerability

1. You need to create a code block and click on the "language" button;
2. Next, enter the specified payload in the input field labeled "Search". My payload: <img/src/onerror=prompt("XSS")> ;
3. As a result, the pop-up windows appears.

Expected result

Execution of malicious Javascript code. In this case, a pop-up window with XSS and an input field appears.

Screenshot or screen recording presentation

Version environment

- Version: 3.0.17
- Operating System: Docker server
- Browser (if used): Firefox

Log file

More information

[Anonymous-hss]

Can you mention the steps to recreate the issue ?

[claunch3r]

Can you mention the steps to recreate the issue ?

I've added the steps to reproduce vulnerability