Details
- Type: Bug
- Status: Closed
- Priority: Medium
- Resolution: Fixed
- Component/s: None
- Labels:
- CVSS Score: 6
- Bug Fix Policy:
Description
Steps to reproduce:
1. Add new shortcuts with default alias like "<img src=x onerror=alert(1)>".
2. By typing [searchterms@alias_name] in the page editor, you can trigger XSS.
By replacing existing shortcut with malicious one, we can easily exploit multiple users using this functionality.
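
The rendering flaw described above, next to a hardened form, as an added example that is not part of the original report and is not the product's own code. The shortcut table, the function names and the `%s` placeholder handling are assumptions made for illustration.

```javascript
// Added illustration: hypothetical shortcut-link renderer, not the product's source.
// Constructed sample data: shortcut key -> { url, defaultAlias }.
const shortcuts = new Map([
  ["google", { url: "https://www.google.com/search?q=%s", defaultAlias: "Search for %s" }],
  ["evil", { url: "https://example.test/?q=%s", defaultAlias: "<img src=x onerror=alert(1)>" }],
]);

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Parse "[searchterms@alias_name]"; returns null when the markup is not a shortcut link.
function parseShortcut(markup) {
  const m = /^\[([^\]@]*)@([^\]@]+)\]$/.exec(markup);
  return m ? { terms: m[1], key: m[2] } : null;
}

// Resolve the link target and link text for a shortcut (function replacer avoids "$&" expansion).
function resolve(markup) {
  const p = parseShortcut(markup);
  const sc = p && shortcuts.get(p.key);
  if (!sc) return null;
  return {
    href: sc.url.replace("%s", () => encodeURIComponent(p.terms)),
    text: sc.defaultAlias.replace("%s", () => p.terms),
  };
}

// Behaviour described in the report: the stored alias reaches the page unencoded.
function renderUnsafe(markup) {
  const r = resolve(markup);
  return r ? `<a href="${r.href}">${r.text}</a>` : escapeHtml(markup);
}

// Hardened: stored and typed values are HTML-encoded at the point of output.
function renderSafe(markup) {
  const r = resolve(markup);
  return r ? `<a href="${escapeHtml(r.href)}">${escapeHtml(r.text)}</a>` : escapeHtml(markup);
}
```

Encoding at output time covers aliases that were stored before any input validation existed, which matters here because every page using the shortcut renders the stored alias.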