XSS vulnerability #12

Open
@pawelkrupinski

Hi.
Our pentesters discovered a Cross Site Scripting vulnerability that I was able to trace back to pqselect.

If you set one of the option names in a multiselect to something like this:

somevalue%27%22%3E%3C%2Ftextarea%3E%3Ch1+onclick%3Dalert%28document.domain%29%3EXSS1

unescaped version:

somevalue'"></textarea><h1 onclick=alert(document.domain)>XSS1

PQSelect will generate the unescaped version that can be executed. That is because it uses innerText instead of innerHTML (.text() vs .html() in jQuery).

I'll be submitting a pull request.
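The failure mode reported above, as an added example that is not part of the original report and is not pqselect's own code: an option name is read as plain text and then concatenated into a markup string, shown next to a variant that escapes it first. The helper names and the label markup are assumptions made for illustration; the option name is the one quoted in the report.

```javascript
// Added example: hypothetical helpers, not pqselect source code.

// Decode an application/x-www-form-urlencoded value ("+" means space).
function decodeFormValue(encoded) {
  return decodeURIComponent(encoded.replace(/\+/g, " "));
}

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Unsafe pattern: option text is pasted into markup as-is (assumed markup).
function renderLabelUnsafe(optionText) {
  return '<label><input type="checkbox"><span>' + optionText + "</span></label>";
}

// Hardened pattern: option text is escaped before it enters markup.
function renderLabelSafe(optionText) {
  return '<label><input type="checkbox"><span>' + escapeHtml(optionText) + "</span></label>";
}

// Count element start tags so the two outputs can be compared.
function countStartTags(markup) {
  return (markup.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Option name from the report, in its URL-encoded form.
const encodedName =
  "somevalue%27%22%3E%3C%2Ftextarea%3E%3Ch1+onclick%3Dalert%28document.domain%29%3EXSS1";
const optionText = decodeFormValue(encodedName);

// The unsafe markup gains an extra element carrying an event handler;
// the escaped markup keeps only the template's own elements.
console.log("unsafe start tags:", countStartTags(renderLabelUnsafe(optionText)));
console.log("safe start tags:  ", countStartTags(renderLabelSafe(optionText)));
console.log(renderLabelSafe(optionText));
```

Comparing the element count of rendered output against the template's own count is a cheap regression check for any widget that builds markup from option labels.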
