Open nhienit2010 opened 2 years ago
This vulnerability is in the edit page function.
Exploiting the "heading" attribute, we can customize the HTML tag, which leads to injecting an img tag with an onerror event, and use HTML encoding to bypass the filter on some special chars.
PoC
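The following is an added defensive example, not part of the original issue and not the project's code. It contrasts the pattern the report describes (a "heading" value used as the tag name behind a character denylist) with an allowlist fix. The function names, the denylist's character set, and the sample input are assumptions made for illustration.

```javascript
// Hypothetical renderer illustrating the reported pattern and a fix.
// All names here are assumptions; none come from the affected project.

const ALLOWED_HEADINGS = new Set(["h1", "h2", "h3", "h4", "h5", "h6"]);

// Escape text so it is always treated as content, never as markup.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Weak form: the attribute value becomes the tag name, guarded only by a
// denylist of special characters (assumed set: < > ( )). Entity-encoded
// characters are not on the list, so they pass through and the browser
// decodes them later inside the attribute value.
function renderHeadingNaive(heading, text) {
  const filtered = String(heading).replace(/[<>()]/g, "");
  return `<${filtered}>${escapeHtml(text)}</${filtered}>`;
}

// Hardened form: the tag name must exactly match an allowlisted heading
// element; anything else falls back to a fixed default.
function renderHeadingSafe(heading, text) {
  const tag = String(heading).trim().toLowerCase();
  const safeTag = ALLOWED_HEADINGS.has(tag) ? tag : "h2";
  return `<${safeTag}>${escapeHtml(text)}</${safeTag}>`;
}

// Constructed sample input: an element name plus attributes, with the
// filtered characters written as HTML entities.
const constructedInput = "img src=x onerror=f&#40;&#41;";

console.log(renderHeadingNaive(constructedInput, "Title")); // attributes survive
console.log(renderHeadingSafe(constructedInput, "Title"));  // falls back to h2
```

The allowlist removes the need to guess which characters are dangerous, because the tag name is never built from user input at all.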