Reflected XSS vulnerability #703

akkuman · 2019-12-07T12:20:31Z

<HEAD></HEAD></xss:xss><svg/onload=alert(1)><svg/onload=alert(/123/)//element[attribute='<img src=x onerror=alert('XSS');>

The text was updated successfully, but these errors were encountered:

seonim-ryu · 2019-12-10T02:18:45Z

@akkuman
The tags corresponding to XSS are sanitized inside the editor, but the above case does not seem to be considered. Thank you for your report.

LunaTK · 2019-12-12T02:24:21Z

<p></p><svg><svg onload=alert('xss')>

Above code is enough to trigger XSS

Also, the original payload didn't work on my Safari 13.0.3, but worked on

(Not sure why it doesn't work on Safari, although the rendered DOM is the same.)

I think it is kind of Mutation XSS.

EvieMae · 2020-03-31T14:39:01Z

This still happens in 2.0.0.
Using

<p></p><svg><svg onload=alert('xss')>

seonim-ryu added the Enhancement Enhance performance or improve usability of original features. label Dec 10, 2019

seonim-ryu pushed a commit that referenced this issue Jan 2, 2020

viewOnly: change event listener should have event object fixed #703

adbedb3

seonim-ryu pushed a commit that referenced this issue Jan 6, 2020

viewOnly: change event listener should have event object fixed #703

9d049a0

kant01ne mentioned this issue Jun 3, 2020

Stored XSS in WYSIWYG mode only while removing blockquotes #1021

Closed

Provide feedback