Hi,
There is an XSS vulnerability inside dropify.min.js allows client-side to perform JS actions when the image being uploaded in the preview inner because the filename itself can be renamed to an html or javascript code.
Example : (">< img src = x onerror=prompt(1) >.png)
Hi, There is an XSS vulnerability inside dropify.min.js allows client-side to perform JS actions when the image being uploaded in the preview inner because the filename itself can be renamed to an html or javascript code.
Example : (">< img src = x onerror=prompt(1) >.png)
Org: this.filenameWrapper.children(".dropify-filename-inner").html(this.file.name);
Fixes :
this.filenameWrapper.children(".dropify-filename-inner").html(cleanHTMLi(this.file.name));
I've written a function to perform HTML cleanup:
function cleanHTMLi(s) { return s.replace(/&/g, '&').replace(/</g, '<').replace(/"/g, '"'); }
Thanks,