Stored XSS in comments
Unknown
Vulnerability Details
Hello,
Here are the steps to reproduce:
1) Go to any help articles or some place where you can comment
2) Type in the comment as: `[click this link](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)`
3) Now click on the text `click this link` on your comments and XSS is executed !
This is quite similar to #82725 but with a slight different payload.
Actions
View on HackerOneReport Stats
- Report ID: 106779
- State: Closed
- Substate: resolved
- Upvotes: 3