May 24, 2013, 9:39 PM
[CLOSED] XSS Injection NumberField
I found an XSS injection on the NumberField component.
Here are the steps to reproduce this issue.
- Create new project;
- Put this code;
<body>
    <form runat="server">
        <!-- Resource Manager -->
        <ext:ResourceManager ID="ResourceManager" runat="server" />
        <ext:Panel ID="Panel" runat="server" Height="300" Width="500" Title="Panel">
            <Items>
                <ext:NumberField ID="NumberField1" FieldLabel="Number" runat="server">
                </ext:NumberField>
            </Items>
        </ext:Panel>
    </form>
</body>
- Run project;
- On the page, copy and paste the code below into the field;
<font color='red' size='20'>Hi!</font>
- Wait for the browser to process the HTML code;
- Place the mouse pointer on the red line to see the message, as shown in the image;
Last edited by Daniil; May 30, 2013 at 4:07 AM.
Reason: [CLOSED]
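
The behaviour reported in this thread, as an added example that is not part of the original post and is not Ext.NET code: a validation message built from the rejected input, first unencoded and then HTML-encoded before it reaches an HTML context. It assumes (the thread does not state the cause) that the field's invalid-value message embeds the typed text and is rendered as HTML on hover; the template text and all function names are hypothetical.

```javascript
// Added example, not Ext.NET code. Assumption: the invalid-value message
// embeds the typed text and the tooltip renders that message as HTML.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, entity or attribute value.
function htmlEncode(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical message template with one placeholder for the rejected text.
const INVALID_TEMPLATE = '{0} is not a valid number';

// Before: raw input goes straight into markup, so pasted tags are rendered.
function unsafeInvalidMessage(raw) {
  // Function replacer avoids "$&"-style patterns in raw being expanded.
  return INVALID_TEMPLATE.replace('{0}', () => raw);
}

// After: the input is encoded at the point it enters an HTML context.
function safeInvalidMessage(raw) {
  return INVALID_TEMPLATE.replace('{0}', () => htmlEncode(raw));
}

// Strict decimal check; anything else is rejected and reported via formatter.
function validateNumberField(raw, formatter) {
  const valid = /^-?\d+(\.\d+)?$/.test(raw.trim());
  return { valid, message: valid ? '' : formatter(raw) };
}

// True when the string still contains something a browser parses as a tag.
function containsMarkup(html) {
  return /<[a-z!\/]/i.test(html);
}

// Input taken from the reproduction steps in the post.
const PASTED = "<font color='red' size='20'>Hi!</font>";

for (const [name, fmt] of [['unsafe', unsafeInvalidMessage], ['safe', safeInvalidMessage]]) {
  const result = validateNumberField(PASTED, fmt);
  console.log(name, containsMarkup(result.message) ? 'renders tags:' : 'inert text:', result.message);
}
```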