Open nicholasykl opened 5 years ago
The editor's source code view allows attacker to bypass the input validation in default view by injecting javascript using IFRAME element.
Proof of Concept: Injected the the payload into the editor's source code view.
Any updates on this issue?
Ofirnir123
commented
5 years ago Ofirnir123
commented
5 years ago
The editor's source code view allows attacker to bypass the input validation in default view by injecting javascript using IFRAME element.
Proof of Concept: Injected the the payload into the editor's source code view.