jquery-editable-select Vulnerable for XSS even data is HTML entity encoded (?)

Vulnerable for XSS even data is HTML entity encoded (?)

Open wapsi opened this issue 8 years ago • 1 comments

I noticed that jquery-editable-select executes JS from select box option value even the data is HTML entity encoded. Am I doing something wrong here or is this an issue with jquery-editable-select?

I've uploaded one sample script here: https://wapsi.kapsi.fi/test.php

Example:

<select style="width:500px;" class="dropdownselectwithinput"> 
  <option selected value="Test XSS %B2 &#x3C;script&#x3E;alert(&#x27;BUSTED!&#x27;);&#x3C;/script&#x3E;">Test XSS %B2 &#x3C;script&#x3E;alert(&#x27;BUSTED!&#x27;);&#x3C;/script&#x3E;</option>
</select>
<script>$('.dropdownselectwithinput').editableSelect({ filter: false, duration: 100 });</script>

Nov 23 '17 06:11 wapsi

I made a pull request which fixes this issue: #49

Nov 23 '17 06:11 wapsi

jquery-editable-select jquery-editable-select copied to clipboard

Vulnerable for XSS even data is HTML entity encoded (?)

jquery-editable-select
jquery-editable-select copied to clipboard