XSS in page editor via Shortcut links

XMLWordPrintable

    • 6

      Steps to reproduce:
      1. add new shortcuts with default alias like "<img src=x onerror=alert(1)>".
      2. by typing [searchterms@alias_name] in page editor you can trigger XSS

      By replacing existing shortcut with malicious one, we can easily exploit multiple users using this functionality.

            Assignee:
            Tin Vuu (Inactive)
            Reporter:
            Michał Marek
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: