Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

In the latest version.It allows XSS attack, which lead to any Javascript Code execution. Such as any url redirect, and send comment without Verification code #218

MiluOWO opened this issue Nov 6, 2019 · 2 comments


Copy link

MiluOWO commented Nov 6, 2019

An issue was discovered in Valine v1.3.10. It allows XSS attack, which lead to any Javascript Code execution. Such as any url redirect.

  1. XSS


<details open ontoggle=top[8680439..toString(30)](1);>

When the payload is pasted in comment area, the js code is repeat executed, and if you post it with Burp or any tools, this payload will become a storage xss in this page.

By this xss, you can direct any url you want.


<details open ontoggle=window.location.replace('');>

Fix the vulnerability: please use html entity encode

  1. bypass Verification code to send comment

In this comment system, if you catch this http data pack, you can send any comment without verification code. Even you can fake you comment time、ua、..etc


Copy link

xCss commented Nov 19, 2019

Received and will be fixed in the near future. Thanks for feedback

Copy link

xCss commented Apr 10, 2020

fixes in v1.4.0

@xCss xCss closed this as completed Apr 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet

No branches or pull requests

2 participants