Resolves #760. XSS prevented - tooltips are escaped
f06652c
a33a224
4unkur
There exists no escape when printing out tooltip under "Add member" (http://localhost/subrion-develop/panel/members/add/).
Tested on Chrome - Version 67.0.3396.99 (64-bit)
Subrion version - v4.2.1
Steps to reproduce -
"><img src=x onerror=prompt(document.cookie);>
http://localhost/subrion-develop/panel/members/add/ - Admin panel
http://localhost/subrion-develop/profile/?edit - User panel (edit profile)
XSS payload would be triggered almost everywhere, where the tooltip is being displayed.
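The difference between the unescaped tooltip output reported above and escaped output, as an added example that is not part of the original issue and not Subrion's own code. The function names and the tooltip markup are hypothetical, and the check parses each rendered fragment to see whether the reported payload ends up as an element or as attribute text.

```php
<?php
// Added illustration; render_tooltip_* and the markup are hypothetical,
// not taken from Subrion.

// Payload as given in the report.
$payload = '"><img src=x onerror=prompt(document.cookie);>';

// Before: tooltip text concatenated into an attribute without escaping.
function render_tooltip_unescaped(string $tooltip): string
{
    return '<a href="#" class="js-tooltip" title="' . $tooltip . '">?</a>';
}

// After: escaped for an HTML attribute context (both quote styles covered).
function render_tooltip_escaped(string $tooltip): string
{
    $safe = htmlspecialchars($tooltip, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="#" class="js-tooltip" title="' . $safe . '">?</a>';
}

// Parse a fragment and report what ends up in the DOM.
function inspect_markup(string $html): array
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // malformed input is expected
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $link = $doc->getElementsByTagName('a')->item(0);
    return [
        'img_elements' => $doc->getElementsByTagName('img')->length,
        'title'        => $link ? $link->getAttribute('title') : null,
    ];
}

$before = inspect_markup(render_tooltip_unescaped($payload));
$after  = inspect_markup(render_tooltip_escaped($payload));

printf("unescaped: %d injected <img>\n", $before['img_elements']);
printf("escaped:   %d injected <img>\n", $after['img_elements']);

// Regression check: no element may be injected, and the tooltip text must
// survive as the literal attribute value.
if ($after['img_elements'] !== 0 || $after['title'] !== $payload) {
    throw new RuntimeException('tooltip output is not escaped');
}
```

Attribute escaping only covers the server-rendered markup: if the tooltip script reads the decoded attribute value and inserts it as HTML, that script must insert it as text instead.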