Open Arkango opened 2 years ago
The function addTextItem doesn't properly validate the value, allowing an attacker to perform a DOM-based Cross-Site Scripting (XSS).
The vulnerable code is the following (line 424):
code_link
```js
var li = $('<li rel="'+value+'" fckb="1">').html(xssDisplay(value));
```
The value inserted into the rel attribute is not properly sanitized.
If the function is called with the following payload
```
#"><img onerror=alert(document.domain) src=x>
```
the DOM-based Cross-Site Scripting is triggered.
I requested a CVE to report the vulnerability.