bacsa / jquery-datatables-editable

Automatically exported from code.google.com/p/jquery-datatables-editable
0 stars 0 forks source link

BUG in Editable - Security Vulnerability #127

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Access below link of Datatables editable :

http://jquery-datatables-editable.googlecode.com/svn/trunk/index.html

2. Double click on any cell to update its contents.Type below

<script>alert("hello");</script>

3. Hit Enter.It will pop up the alert message.This is serious threat as cross 
site scripting.

What is the expected output? What do you see instead?
Alert poup should not come up.

What version of the product are you using? On what operating system?
1.3.2

Please provide any additional information below.

Original issue reported on code.google.com by saurabhd...@gmail.com on 27 Aug 2012 at 9:04