This repository has been archived by the owner on Sep 2, 2019. It is now read-only.
XSS in jQuery qeditor #12
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hi,
The editor is vulnerable to an XSS. The editor allows users to insert link and if instead of normal link, I input JavaScript URI
javascript:alert%28location%29then it works. The attacker can execute arbitrary code of his choice. Please fix this issue. Thanks
The text was updated successfully, but these errors were encountered: