Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrP0cas8202AA06-4B49-45FF-AA0F-00982F62005C
HistoryJan 24, 2022 - 4:11 a.m.

Cross-site Scripting (XSS) - Stored in vanessa219/vditor

2022-01-2404:11:08
p0cas
www.huntr.dev
23
xss
stored
vanessa219/vditor
markdown editor
browsers
sanitizing process
link
proof of concept
impact
attacker
malicious scripts
bug bounty

EPSS

0.001

Percentile

21.4%

JSON

Description

The Vanessa219/vditor is a markdown editor supported by browsers. If the user passes javascript:alert(document.domain) as the URL value when creating a link using the markdown syntax, there is no sanitizing process and the link is created as it is.

Proof of Concept

XSS PoC : [xss](javascript:alert(document.domain))

1. Open the https://ld246.com/guide/markdown
2. Enter the XSS PoC
3. Click the Link

Video : https://www.youtube.com/watch?v=5zzdiBivNSs

Impact

Through this vulnerability, an attacker is capable to execute malicious scripts.

Related

osv 2
prion 1
veracode 1
cvelist 1
nvd 1
github 1
cve 1
osv
osv
Cross-site Scripting in vditor
2022-04-01 00:00:41
CVE-2022-0350
2022-03-31 16:15:07
prion
prion
Cross site scripting
2022-03-31 16:15:00
veracode
veracode
Cross-Site Scripting (XSS)
2022-04-01 07:26:14
cvelist
cvelist
CVE-2022-0350 Cross-site Scripting (XSS) - Stored in vanessa219/vditor
2022-03-31 15:15:14
nvd
nvd
CVE-2022-0350
2022-03-31 16:15:07
github
github
Cross-site Scripting in vditor
2022-04-01 00:00:41
cve
cve
CVE-2022-0350
2022-03-31 16:15:07

EPSS

0.001

Percentile

21.4%

JSON
Related for 8202AA06-4B49-45FF-AA0F-00982F62005C
osv2prion1veracode1cvelist1nvd1github1cve1