Open nicholasykl opened 5 years ago
The editor's source code view allows an attacker to bypass the input validation in default view by injecting JavaScript using IFRAME element.
Proof of Concept: Injected the payload into the editor's source code view.
Any updates on this issue?