kolkov / angular-editor

A simple native WYSIWYG editor component for Angular 6-14+
https://angular-editor.kolkov.ru
MIT License
671 stars 357 forks

XSS Stored Issue #530

Open masturbator1 opened 1 year ago

masturbator1 commented 1 year ago

A typical stored XSS is present. The user needs to paste a payload into the text area:

Xss<!--{} --!><img src=1 onerror=alert(SELFXSS)>-->Attack

Click "Insert URL Link". Paste any link, and then the popup will be visible.
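
The following is an added example, not part of the report above and not angular-editor's own code. It assumes the link feature builds an anchor by concatenating the selected text and the pasted URL into an HTML string, and shows that pattern beside a hardened one that encodes the text and restricts the URL scheme. All function names are hypothetical.

```javascript
// Added example: helper names are hypothetical, not angular-editor's API.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text so the browser renders it as characters, never as markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Schemes a link dialog would normally accept (assumption for this example).
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// Return a normalized absolute URL, or null if it fails to parse
// or uses a scheme outside the allow-list (e.g. javascript:).
function safeHref(rawUrl) {
  let parsed;
  try {
    parsed = new URL(String(rawUrl).trim());
  } catch {
    return null; // malformed or relative input is rejected
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// Assumed vulnerable pattern: selected text is treated as HTML.
function buildLinkHtmlUnsafe(selectedText, rawUrl) {
  return '<a href="' + rawUrl + '">' + selectedText + '</a>';
}

// Hardened form: text is encoded, URL is validated and attribute-encoded.
function buildLinkHtml(selectedText, rawUrl) {
  const label = escapeHtml(selectedText);
  const href = safeHref(rawUrl);
  if (href === null) return label; // no link for a rejected URL
  return `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${label}</a>`;
}

// The text from the report, used as the selected text.
const PASTED = 'Xss<!--{} --!><img src=1 onerror=alert(SELFXSS)>-->Attack';

console.log(buildLinkHtmlUnsafe(PASTED, 'https://example.com/a'));
console.log(buildLinkHtml(PASTED, 'https://example.com/a'));
```

Where the markup must be built in the browser, creating the anchor with `document.createElement('a')` and assigning `textContent` achieves the same encoding without string concatenation.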