
Self XSS on Not Found Message

Open infosec-au opened this issue 12 years ago • 0 comments

A DOM-based XSS exists in the Not Found Message, as seen in the demo, when a user themselves inputs a vector such as `">`.

Whilst the risk is low, it is recommended that all user input is escaped and treated in a more secure manner.

As this is a jQuery plugin and may be implemented in web applications, developers who use this plugin as it is may introduce vulnerabilities in their applications.

[Attached screenshot: 2013-12-30 19_16_53-jquery autocomplete like facebook using contenteditable]

infosec-au commented on Dec 30 '13
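The pattern the report describes, shown as an added example that is not the plugin's own code and does not reproduce its real template or API: a "not found" message built by concatenating the raw query into an HTML string that is later handed to `innerHTML` or jQuery's `.html()`, next to the same message with the query escaped first. The function names, the message template and the payload are assumptions made for illustration; the payload follows the `">` idea from the report (close the attribute and element, then inject a new element).

```javascript
// Added example, not the plugin's code. The template and function names below
// are assumed for illustration; the real plugin's markup is not known here.

// Escape the five characters that matter in HTML text and attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the user's query is concatenated into an HTML string.
// When that string reaches innerHTML / jQuery .html(), any markup in the query
// is parsed and executed. This is the DOM-based XSS sink.
function notFoundHtmlUnsafe(query) {
  return '<div class="not-found">No results for "' + query + '"</div>';
}

// Hardened pattern: identical message, but the query is escaped before it is
// concatenated, so it can only ever become text inside the attribute/element.
function notFoundHtmlSafe(query) {
  return '<div class="not-found">No results for "' + escapeHtml(query) + '"</div>';
}

// Illustrative check only: does the rendered string contain any tag other than
// the template's own <div>? A real browser would parse and run such a tag.
function containsInjectedTag(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.some(function (t) { return !/^<\/?div\b/i.test(t); });
}

// Constructed payload in the spirit of the report's `">`: break out of the
// quoted attribute and the element, then inject an element with a handler.
const PAYLOAD = '"><img src=x onerror=alert(1)>';

// Stand-alone demonstration of the two renderings.
console.log("unsafe:", notFoundHtmlUnsafe(PAYLOAD));
console.log("  injected tag present:", containsInjectedTag(notFoundHtmlUnsafe(PAYLOAD)));
console.log("safe:  ", notFoundHtmlSafe(PAYLOAD));
console.log("  injected tag present:", containsInjectedTag(notFoundHtmlSafe(PAYLOAD)));
```

In a jQuery plugin the simpler fix is to avoid building HTML strings from input at all: create the container with static markup and set the user-controlled part with `.text(query)` rather than `.html(...)`, or insert it via `document.createTextNode`. Escaping as above is the fallback when the message must be assembled as a string, and it has to be applied to every user-controlled value, not just the query.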