When we enter some strings, such as:
</textarea><img/id="confirm(/xss/)"/alt="/"src="/"onerror=eval(id)>'">
The editor will execute the XSS payload.
When some CMSs use this editor, it is easy to get administrator rights by using an XSS attack.
Was this issue fixed? @pandao CVE-2018-16330 was assigned.
Improve RegExp filter
f5cb82c
fixes #pandao#612 fixes #pandao#662 fixes #pandao#697 fixes #pandao#700 fixes #pandao#701 fixes #pandao#709 fixes #pandao#715 fixes #pandao#764 fixes #pandao#816 ### Probably: fixes #pandao#307 fixes #pandao#560
067619e
fixes #pandao#612 fixes #pandao#662 fixes #pandao#697 fixes #pandao#700 fixes #pandao#701 fixes #pandao#709 fixes #pandao#715 fixes #pandao#764 fixes #pandao#816 fixes #pandao#307 fixes #pandao#560
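An added example, not code from the editor or from the commits referenced above: one way a CMS embedding the editor can neutralize the string reported in this issue, by HTML-escaping content before it is placed inside `<textarea>` and by rendering previews escape-first with a tag allowlist instead of a denylist RegExp. The function names and the tag allowlist are assumptions.

```javascript
// Added example; names below are hypothetical and not part of the editor.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every HTML-significant character so the value is inert as markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Template helper: escaped user text can no longer close the <textarea>
// element it is embedded in, so nothing after it is parsed as new markup.
function renderTextarea(name, value) {
  return `<textarea name="${escapeHtml(name)}">${escapeHtml(value)}</textarea>`;
}

// Preview rendering: escape everything first, then re-enable only bare,
// attribute-free tags from a small allowlist (an assumption for this example).
// Any tag that carries attributes, including on* handlers, stays escaped text.
const ALLOWED_TAGS = ["b", "i", "em", "strong", "code", "pre", "p", "br"];
const BARE_TAG = new RegExp(`&lt;(/?)(${ALLOWED_TAGS.join("|")})&gt;`, "gi");

function renderPreview(untrusted) {
  return escapeHtml(untrusted).replace(
    BARE_TAG,
    (_match, slash, tag) => `<${slash}${tag.toLowerCase()}>`
  );
}

// Constructed sample input: the string quoted in this issue.
const SAMPLE = `</textarea><img/id="confirm(/xss/)"/alt="/"src="/"onerror=eval(id)>'">`;

// Returns true when the reported string is rendered as inert text in both paths.
function sampleIsNeutralized() {
  const field = renderTextarea("content", SAMPLE);
  const onlyOneClose = field.split("</textarea>").length === 2;
  const previewHasNoTags = !renderPreview(SAMPLE).includes("<");
  return onlyOneClose && previewHasNoTags;
}

console.log(renderTextarea("content", SAMPLE));
console.log("neutralized:", sampleIsNeutralized());
```

In a real deployment the preview path is better served by a maintained HTML sanitizer; the escape-first approach here only shows why an allowlist does not depend on anticipating every attribute separator or handler name.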