Stored XSS in comments
Unknown
Vulnerability Details
Comments can contain an author's website. This website is used in the href attribute of link elements and isn't filtered. Thus it allows URLs like `javascript:alert(1)` to be used. These URLs must be filtered by protocol, e.g. only allow http and https.
These attacks are blocked by the default CSP, but clients not supporting CSP or changed CSPs may be affected.
This issue affects [Airship](https://github.com/paragonie/airship) Version 1.1.2 and lower.
Actions
View on HackerOneReport Stats
- Report ID: 148751
- State: Closed
- Substate: resolved
- Upvotes: 6