Describe the bug
The web application allows image upload, and an attacker was able to upload a file containing HTML content. An XSS payload can be injected in the uploaded file.
Steps to reproduce
Log in as admin.
Click on 'New post'.
Click on 'Insert Image' and upload an .html file with an XSS payload inside.
View the file at the path in the response.
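A server-side check that would reject the upload described in this report, as an added example (not code from the affected project). The function names, the allowlist and the sample bytes are assumptions made for illustration; the check combines an extension allowlist, a content signature match, a server-generated file name and response headers that stop the browser from rendering a stored file as HTML.

```python
import os
import secrets

# Allowlist (assumed): extension -> (leading signature bytes, Content-Type to serve).
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    ".jpg": (b"\xff\xd8\xff", "image/jpeg"),
    ".jpeg": (b"\xff\xd8\xff", "image/jpeg"),
    ".gif": (b"GIF8", "image/gif"),
}

# Constructed sample inputs (not taken from the report).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
HTML_SAMPLE = b"<html><body>constructed test file</body></html>"


class UploadRejected(ValueError):
    """Raised when an upload is not an allowed image."""


def validate_image_upload(client_filename, data):
    """Return (stored_name, content_type) or raise UploadRejected."""
    # Only the final extension counts, so "a.png.html" is treated as .html.
    ext = os.path.splitext(client_filename)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected(f"extension {ext!r} is not an allowed image type")
    signature, content_type = ALLOWED[ext]
    # The content must start with the signature of the claimed image type.
    if not data.startswith(signature):
        raise UploadRejected("file content does not match its image extension")
    # Never store under the client-supplied name; generate one server-side.
    stored_name = secrets.token_hex(16) + ext
    return stored_name, content_type


def response_headers(content_type):
    """Headers for serving a stored upload.

    A signature check alone does not prove the rest of the file is an image,
    so the response pins the type and disables content sniffing and scripts.
    """
    return {
        "Content-Type": content_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
```

Serving uploads from a separate origin that holds no session cookies limits the impact further if a file is ever rendered as active content.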