First of all, I must thank you for teaching me an awesome trick that I didn't know about =)
I noticed that you are inserting the style tag as raw HTML with potentially unescaped parameters. Granted, it is not likely this will be exploitable, since the web page will need to allow users to set the class name, or any of the drop shadow parameters, for this to be exploitable, but it is also relatively simple to fix it.
The fix is replacing
with
I have attached a JSFiddle here which shows how you can exploit it... Just hit the submit button and you will get an alert.
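
One way to close the hole described in this issue, as an added example that is not part of the issue or the project's code: validate each value against a strict pattern and set the rule through `textContent` on a created `style` element instead of inserting raw HTML. The function names, the parameter names (`className`, `offsetX`, `offsetY`, `blur`, `color`) and the `filter: drop-shadow()` rule are assumptions.

```javascript
// Added example with hypothetical names; not the project's own code.

// Plain ASCII CSS identifier for the class name (assumption: that is enough here).
const CLASS_NAME = /^-?[A-Za-z_][A-Za-z0-9_-]*$/;
// Lengths such as "0", "4px", "-2.5em".
const LENGTH = /^-?\d+(\.\d+)?(px|em|rem)?$/;
// Hex colours, or rgb()/rgba() with numeric arguments only.
const COLOR = new RegExp(
  '^(#([0-9a-fA-F]{3,4}|[0-9a-fA-F]{6}|[0-9a-fA-F]{8})' +
  '|rgba?\\(\\s*\\d{1,3}\\s*(,\\s*\\d{1,3}\\s*){2}(,\\s*(0|1|0?\\.\\d+)\\s*)?\\))$'
);

// Reject anything that is not a string matching the allow-list pattern.
function check(name, value, pattern) {
  if (typeof value !== 'string' || !pattern.test(value)) {
    throw new TypeError(`invalid ${name}: ${JSON.stringify(value)}`);
  }
  return value;
}

// Build the CSS rule from validated parts only, so no value can add
// selectors, declarations or markup of its own.
function buildDropShadowRule({ className, offsetX, offsetY, blur, color }) {
  const cls = check('className', className, CLASS_NAME);
  const parts = [
    check('offsetX', offsetX, LENGTH),
    check('offsetY', offsetY, LENGTH),
    check('blur', blur, LENGTH),
    check('color', color, COLOR),
  ];
  return `.${cls} { filter: drop-shadow(${parts.join(' ')}); }`;
}

// Insert the rule as text: the HTML parser never sees it, so a value
// containing tags could not start a new element even if validation were skipped.
function injectRule(doc, params) {
  const style = doc.createElement('style');
  style.textContent = buildDropShadowRule(params);
  doc.head.appendChild(style);
  return style;
}
```

In a browser, call `injectRule(document, {...})`; a rejected value throws a `TypeError` before anything is added to the page.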