Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Blog Stored XSS Vulnerability #868

Closed
ggg4566 opened this issue Mar 5, 2020 · 0 comments
Closed

Blog Stored XSS Vulnerability #868

ggg4566 opened this issue Mar 5, 2020 · 0 comments
Assignees
@4unkur
Labels
critical
Milestone
4.2.2

Comments

@ggg4566
Copy link

ggg4566 commented Mar 5, 2020

Hello,I found a stored xss bug when add blog.
At first add a blog and upload image ,then edit blog.image file ”x” onerror=”alert(/xss/).
Browse blog trigger XSS.
Suggestion call safeHTML to image[‘file’].
1
2
@4unkur 4unkur added this to the 4.2.2 milestone Mar 5, 2020
@ggg4566 ggg4566 closed this as completed Sep 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@4unkur 4unkur

Labels
critical
Projects
None yet
Milestone
4.2.2
Development

No branches or pull requests
3 participants
@vbezruchkin @ggg4566 @4unkur