Ashar Javed
Hi, XSS is possible in the URL function that is available here: https://github.com/frozeman/feindura-flat-file-cms/blob/527920f665ba0ace68e5f22a1ddc7de078108504/library/classes/XssFilter.class.php#L410 The vector is: `javascript://www.xss.com?%0aalert%281%29` The regular expression you are using happily parses the above vector, and an attacker can...
Hi, The editor is vulnerable to XSS. The editor allows users to insert a link, and if instead of a normal link I input the JavaScript URI `javascript:alert%28location%29`, then it works. The...
Hey guys! I had a comment. I am looking at the test-bed http://hoola.cz/nette-xss-test/?do=form-submit that you had created during an earlier issue for Nette testing in different contexts. My question is related...
Hi, The sanitizeCSS function https://github.com/templaza/plazart/blob/7c47a71881af009fdeadcb70221694acd1ada3cd/plg_system_plazart/includes/core/scriptsdown.php#L46 you are using is broken and easily bypassable, and an attacker can execute JavaScript code ... e.g., `color:red;width:expresssion(alert(1))` Would you please check? May I suggest a...