sateesh999
Contributor
Joined 7 years ago
User Profile
User Widgets
Contributions
Re: "><img src=x onerror=alert('testing')>
Hi Claudius , Thanks for your reply. I am not an admin, But If any other user injects the script into the subject area then the popup box is appearing on the page. It's a security issue. As per your message we need to check with the content filters right? Thanks. Sateesh."><img src=x onerror=alert('testing')>
Hello, If I enter alert code or any script into the subject field and after posting my message If I refresh or click on the home page then A popup is showing and says (testing) with an OK button. Please let me know How can I disable this popup? Thanks, Sateesh.Re: How to prevent cross-site-scripting and XSS?
luk , Thanks for your response, No Idea how they are posted the scripts into our community. we thought that they are injected through the below steps -go to https://community.xxxxx.com and login -Then click Start a "New Discussion" -Now you can see the vulnerable area "Subject " put here XSS payload "><img src=x onerror=prompt(/abdullah/)> -And fill other random stuff and Post, And go All forum topics -XSS executed =============== And please let me know if they injected via API, Then how can we solve it? Regards, Sateesh.Re: test
Thanks for your response Prashanth, Ok, I understand, but I have gone through the "start a discussion" button in Koros and entered a few sample script like ["><img src=x onerror=prompt(/securitytesting/)>"] It has not allowed the script and throwing error message also. The same thing I need in our community, I tried it in Studio on the community platform but very limited options are provided. How can I get that error message for the text area? Thanks, Sateesh.
