Lower risk, given that an account requires access to be able to add/edit external links to store the XSS, but line 1519 of lib/html.php isn't sanitizing `$tab['title']`.
Although the `title` field in external_links is a varchar(20), we can get around that restriction by creating multiple tabs and using comment blocks to keep the XSS valid:
Create the first tab with title: `<script>alert(1)/*`
Create second tab with title: `*/</script>`
Tested against version 1.1.17
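The behaviour described in the report, next to output encoding of the title, as an added example that is not Cacti's code or part of the original report. `render_tabs()`, the `link.php?id=` URL and the row layout are hypothetical stand-ins; the two titles are the ones given above.

```php
<?php
// Added illustration; render_tabs() is a hypothetical stand-in, not lib/html.php.

// Constructed rows standing in for external_links records.
// Each title fits the varchar(20) column on its own.
$tabs = [
    ['id' => 1, 'title' => '<script>alert(1)/*'],
    ['id' => 2, 'title' => '*/</script>'],
];

/**
 * Build the tab strip. $escape = false emits the title raw (the behaviour the
 * report describes); $escape = true HTML-encodes it at output time.
 */
function render_tabs(array $tabs, bool $escape): string
{
    $html = '';
    foreach ($tabs as $tab) {
        $title = $escape
            ? htmlspecialchars($tab['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            : $tab['title'];
        $html .= '<a class="tab" href="link.php?id=' . (int) $tab['id'] . '">'
               . $title . "</a>\n";
    }
    return $html;
}

$raw  = render_tabs($tabs, false);
$safe = render_tabs($tabs, true);

// Raw: the markup between the two titles sits inside /* ... */, so the browser
// sees one complete <script> element assembled from two short fields.
echo "--- unescaped ---\n", $raw;

// Escaped: no '<' from a title survives, so no element can be opened however
// the text is split across rows. The column length was never the control.
echo "--- escaped ---\n", $safe;

// Regression check: stored titles must never contribute tags to the page.
foreach ($tabs as $tab) {
    if (strpos($safe, $tab['title']) !== false) {
        throw new RuntimeException('title reached the page unencoded');
    }
}
if (stripos($safe, '<script') !== false || stripos($raw, '<script') === false) {
    throw new RuntimeException('unexpected rendering result');
}
```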