Hello, I found an XSS bug via markdown. I am using a simple payload to test:
><iframe src="javascript:alert(document.cookie)"</iframe>
Result:
2 answers
nafvub8i1#
https://npmjs.com/advisories/794
It's known, it just hasn't been fixed.
ktecyv1j2#
Can you try against this version please, and also be sure to have the iframe filter enabled:
https://github.com/418sec/editor.md
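
The retest requested in the second answer can be automated by checking the HTML the editor renders for the payload from the question. This is an added example, not code from the thread or from editor.md; the function names and the two rendered strings are constructed, and the check only reports iframe elements and javascript: URLs, it does not sanitize.

```javascript
// Added example: regression check for HTML rendered from Markdown.
// All names and the two sample renderings below are constructed for illustration.

// Decode numeric character references, which browsers resolve inside attribute values.
function decodeNumericEntities(s) {
  const cp = (n) => (n > 0 && n <= 0x10ffff ? String.fromCodePoint(n) : "");
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => cp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => cp(parseInt(d, 10)));
}

// Browsers ignore ASCII whitespace and control characters when reading a URL scheme.
function isScriptUrl(value) {
  const v = decodeNumericEntities(value).replace(/[\u0000-\u0020]/g, "").toLowerCase();
  return v.startsWith("javascript:");
}

// Report iframe elements and javascript: URLs found in rendered HTML.
// Conservative by design: a tag is taken to run from "<name" to the next ">",
// so the unclosed iframe tag in the payload from the question is still seen.
function findUnsafeMarkup(html) {
  const findings = [];
  const tagRe = /<([a-z][a-z0-9-]*)([^>]*)/gi;
  const attrRe = /\b(src|href|action|formaction)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;
  for (const [, name, attrs] of html.matchAll(tagRe)) {
    if (name.toLowerCase() === "iframe") findings.push("iframe element");
    for (const m of attrs.matchAll(attrRe)) {
      const value = m[2] ?? m[3] ?? m[4] ?? "";
      if (isScriptUrl(value)) findings.push(`javascript: URL in ${m[1].toLowerCase()}`);
    }
  }
  return findings;
}

// Constructed sample: renderer passes the payload through unchanged.
const UNFILTERED_RENDER =
  '<p>><iframe src="javascript:alert(document.cookie)"</iframe></p>';
// Constructed sample: renderer HTML-escapes the payload so it shows as text.
const ESCAPED_RENDER =
  "<p>&gt;&lt;iframe src=&quot;javascript:alert(document.cookie)&quot;&lt;/iframe&gt;</p>";

console.log("unfiltered:", findUnsafeMarkup(UNFILTERED_RENDER));
console.log("escaped:   ", findUnsafeMarkup(ESCAPED_RENDER));
```

In a real retest, replace the two constructed strings with the HTML the editor actually produces for the payload, once with the filter off and once with it on.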