There is a stored XSS in the file upload area #39
Comments
|
@3lse The editor uses the marked lib as its markdown parsing lib. And what do you think is a reasonable way? |
|
@94fzb |
|
@94fzb You need to filter the acquired data on the server before saving to the database. |
|
@3lse Thanks, I try to use jsoup to filter some unsafe tags |
|
Hi, is there a fix for CVE-2018-17421 & CVE-2018-17420? |


After the file is uploaded correctly, "[abc](/zrlog/attached/file/20180918/20180918000718_50.jpg "abc")" will be displayed in the edit box. Combined with the page display, the XSS purpose is achieved by modifying the display content.

Poc
[click me](aa"onmouseover="alert(1)"s= "click me")

The page is displayed as "<a href="aa" onmouseover="alert(1)" s="title=" click="" me="me">click me</a>"
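
Why the PoC above breaks out of the `href` attribute, and how context-aware encoding at render time keeps it inside, shown as an added example that is not part of the original issue and is not zrlog's or marked's code. The single-link renderer, its function names and the scheme allowlist are assumptions made for illustration.

```javascript
// Added illustration: a hypothetical single-link renderer, not zrlog's or marked's code.
// Matches one markdown link of the form [text](href "title").
const LINK_RE = /^\[([^\]]*)\]\((\S*?)\s+"([^"]*)"\)$/;

function parseLink(md) {
  const m = LINK_RE.exec(md);
  return m ? { text: m[1], href: m[2], title: m[3] } : null;
}

// Vulnerable form: attribute values are concatenated without encoding, so a
// double quote inside href closes the attribute and starts new ones.
function renderNaive(md) {
  const l = parseLink(md);
  if (!l) return null;
  return `<a href="${l.href}" title="${l.title}">${l.text}</a>`;
}

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Allow relative URLs and a short scheme allowlist (assumed policy). Control
// characters and spaces are dropped before the check because browsers strip
// some of them when parsing a URL.
function isSafeHref(href) {
  const compact = href.replace(/[\u0000-\u0020]/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(compact);
  return !m || ['http', 'https', 'mailto'].includes(m[1].toLowerCase());
}

// Hardened form: every value is HTML-encoded for its attribute or text context.
function renderSafe(md) {
  const l = parseLink(md);
  if (!l) return null;
  const href = isSafeHref(l.href) ? l.href : '#';
  return `<a href="${escapeHtml(href)}" title="${escapeHtml(l.title)}">${escapeHtml(l.text)}</a>`;
}

// PoC string quoted from the issue above.
const POC = '[click me](aa"onmouseover="alert(1)"s= "click me")';
console.log(renderNaive(POC)); // onmouseover becomes a separate attribute
console.log(renderSafe(POC));  // quotes arrive as &quot; and stay inside href
```

Encoding at render time complements the server-side filtering before saving that the comments discuss; it does not replace it.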