gavioto / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy

html injection/XSS #174

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. <a href="http://demo.testfire.net">CLICK HERE</a>
2. click on CLICK HERE
3.

What is the expected output? What do you see instead?
It should filter out HTML tags. In this context, it accepts the <a> tag and the href
attribute, which is used to specify a link address. So, by giving the above
input and clicking CLICK HERE, it goes to the malicious link specified in the href
attribute, hence leading to HTML injection/XSS attacks.

What version of the product are you using? On what operating system?
OS-Windows XP
Version-1.5.2

Please provide any additional information below.
Vulnerable to HTML injection attacks.

Original issue reported on code.google.com by varnam...@gmail.com on 11 Jan 2014 at 5:11
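
The report turns on where an accepted `<a href>` is allowed to point. The following is an added example, not part of the original issue and not AntiSamy code: a check run over already-sanitized markup that lists anchors whose `href` leaves an allow-listed set of hosts. The allow-list host `www.example.org` and the names `href_allowed`, `LinkAuditor` and `audit_links` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_HOSTS = frozenset({"www.example.org"})  # constructed allow-list (assumption)
ALLOWED_SCHEMES = frozenset({"http", "https"})
_C0_AND_SPACE = "".join(map(chr, range(0x21)))  # browsers trim these around a URL


def href_allowed(href, allowed_hosts=ALLOWED_HOSTS):
    """True for a relative on-site reference or an http(s) URL on an allowed host."""
    url = href.strip(_C0_AND_SPACE)
    # Browsers drop tab/CR/LF inside a URL and read "\" as "/" in http(s) URLs.
    url = url.translate({9: None, 10: None, 13: None}).replace("\\", "/")
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lower-cased, without userinfo or port
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        return True  # path, query or fragment only: stays on the current site
    if parts.scheme and parts.scheme not in ALLOWED_SCHEMES:
        return False  # javascript:, data:, and any other scheme
    # Covers absolute and protocol-relative ("//host/...") URLs; a scheme with
    # no authority ("http:/x") has host None and is rejected as ambiguous.
    return host in allowed_hosts


class LinkAuditor(HTMLParser):
    """Collects href values of <a> tags that point outside the allow-list."""

    def __init__(self, allowed_hosts):
        super().__init__(convert_charrefs=True)
        self.allowed_hosts = allowed_hosts
        self.rejected = []

    def handle_starttag(self, tag, attrs):  # tag and attribute names arrive lower-cased
        if tag == "a":
            for name, value in attrs:
                if name == "href" and not href_allowed(value or "", self.allowed_hosts):
                    self.rejected.append(value)


def audit_links(html, allowed_hosts=ALLOWED_HOSTS):
    """Return the off-allow-list href values found in sanitized markup."""
    auditor = LinkAuditor(allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.rejected
```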