BBCodeParser
XSS Injection w/ [img] tag in default tags
Due to the URL of [img] tags not being checked, one could type:
[img]test.jpg" onError="alert('hi')[/img]]
This shows the existence of a possible XSS exploit. This is a critical issue in my opinion, and one that should be fixed ASAP.
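One way to close the gap this issue describes, as an added example that is not part of the original report and not BBCodeParser's own code: a naive [img] renderer beside a hardened one that allowlists absolute http(s) URLs and HTML-escapes the attribute value. All function names are hypothetical, and only the [img] tag is handled.

```javascript
// Added example: hypothetical renderers, not BBCodeParser's own code.
const IMG_TAG = /\[img\](.*?)\[\/img\]/gi;

// Escape the characters that matter in HTML text and quoted attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// "Before": the tag body is pasted straight into the src attribute, so a
// double quote in the body ends the attribute and starts a new one.
function renderImgNaive(input) {
  return input.replace(IMG_TAG, '<img src="$1">');
}

// Accept only absolute http(s) URLs that contain no quotes, whitespace,
// angle brackets, backticks or control characters.
// Assumption: relative URLs are rejected; a site that needs them would
// resolve them against its own base URL before this check.
function isSafeImageUrl(raw) {
  if (/[\s"'<>`\u0000-\u001f]/.test(raw)) return false;
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    return false; // relative or malformed
  }
  return url.protocol === "http:" || url.protocol === "https:";
}

// "After": validate the URL, escape it on output, and escape all other text.
function renderImgSafe(input) {
  let out = "";
  let last = 0;
  for (const m of input.matchAll(IMG_TAG)) {
    out += escapeHtml(input.slice(last, m.index));
    const url = m[1].trim();
    out += isSafeImageUrl(url)
      ? `<img src="${escapeHtml(url)}" alt="">`
      : escapeHtml(m[0]); // rejected tag is shown as inert text
    last = m.index + m[0].length;
  }
  return out + escapeHtml(input.slice(last));
}
```

Validation and escaping are both needed: the allowlist blocks schemes such as `javascript:`, and the escaping keeps a permitted URL from breaking out of the quoted attribute.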