Blogifier is an open-source publishing platform written in ASP.NET and Blazor WebAssembly. With Blogifier, make a personal blog or a website.
Stored XSS via filename parameter in '/api/storage/upload/PostImage' #316
Closed
tuando243 closed 2 years ago
Describe the bug
Stored XSS exists in Blogifier 3.0 via filename parameter in '/api/storage/upload/PostImage'.
Steps to reproduce
<img src=1 onerror=alert(1)>
in filename field.
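
One way to close this class of bug on the server side, as an added example that is not Blogifier's code and not part of the original report: never reuse the client-supplied filename for storage or URLs, and HTML-encode it wherever it is displayed. The `UploadNames` class, its methods and the extension allow-list are hypothetical.

```csharp
using System;
using System.Linq;
using System.Net;

// Added example, not Blogifier code. All names here are hypothetical.
public static class UploadNames
{
    // Assumed allow-list of extensions accepted for post images.
    private static readonly string[] AllowedExtensions =
        { ".png", ".jpg", ".jpeg", ".gif", ".webp" };

    // Derive the name used for storage and URLs from the client-supplied filename.
    // Only an allow-listed extension survives; the rest is generated by the server.
    public static bool TryMakeStoredName(string clientFileName, out string storedName)
    {
        storedName = null;
        if (string.IsNullOrWhiteSpace(clientFileName)) return false;

        // Drop any path component the client sent (both separator styles).
        string leaf = clientFileName.Split('/', '\\').Last();

        // Take the extension by hand so markup characters in the name cannot
        // affect parsing on any runtime.
        int dot = leaf.LastIndexOf('.');
        string ext = dot >= 0 ? leaf.Substring(dot).ToLowerInvariant() : string.Empty;
        if (!AllowedExtensions.Contains(ext)) return false;

        storedName = Guid.NewGuid().ToString("N") + ext;
        return true;
    }

    // If the original name has to be shown to a user, encode it at output time.
    public static string ForHtml(string clientFileName) =>
        WebUtility.HtmlEncode(clientFileName ?? string.Empty);
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample inputs; the second is the value from the report.
        string[] samples =
            { "holiday photo.PNG", "<img src=1 onerror=alert(1)>", "..\\..\\web.config" };
        foreach (string name in samples)
        {
            bool ok = UploadNames.TryMakeStoredName(name, out string stored);
            Console.WriteLine($"{UploadNames.ForHtml(name)} -> {(ok ? stored : "rejected")}");
        }
    }
}
```

The reported value has no allow-listed extension, so it is rejected before anything is stored, and `ForHtml` renders it as inert text (`&lt;img src=1 onerror=alert(1)&gt;`) if it is ever echoed back.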