Stored cross site scripting #7839
Replies: 3 comments
-
I don't follow exactly what is happening because you are very light on details. Is this correct?
Or are you doing this?
Not clear to me. Can you explain in more detail?
-
Hi @NiklasBr, if you see the third screenshot, you will see a script which we are trying to run by alerting out `document.domain`. And the script is getting executed when the file is opened in the browser.
-
Of course it is getting executed, it is an SVG file after all, and they, just like HTML files, can absolutely contain
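Added example, not part of the discussion above and not the project's own code: a minimal upload-side check that flags the active content an SVG file can carry (script elements, event-handler attributes, `javascript:` links). The function name `find_active_content`, the element deny-list and both sample files are assumptions constructed for illustration, and the list of checks is not exhaustive.

```python
import xml.etree.ElementTree as ET

# Elements that run script or embed foreign (HTML) markup inside an SVG.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}

def _local(name):
    """Strip the '{namespace}' prefix ElementTree puts on qualified names."""
    return name.rsplit("}", 1)[-1].lower()

def _is_script_url(value):
    # Browsers strip tabs, newlines and leading whitespace from URLs,
    # so drop all whitespace/control characters before comparing.
    compact = "".join(ch for ch in value if ord(ch) > 0x20).lower()
    return compact.startswith("javascript:")

def find_active_content(svg_bytes):
    """Return a list of findings; an empty list means nothing was flagged."""
    if b"<!ENTITY" in svg_bytes:
        return ["entity declaration (rejected before parsing)"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]  # fail closed

    findings = []
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for name, value in elem.attrib.items():
            attr = _local(name)  # covers both href and xlink:href
            if attr.startswith("on"):
                findings.append(f"event handler {attr} on <{tag}>")
            elif attr == "href" and _is_script_url(value):
                findings.append(f"javascript: URL on <{tag}>")
    return findings

# Constructed samples: the first mirrors the payload described in the thread.
MALICIOUS = b"""<svg xmlns="http://www.w3.org/2000/svg">
  <script>alert(document.domain)</script>
  <rect width="10" height="10" onclick="alert(1)"/>
  <a href=" java&#9;script:alert(1)"><text>x</text></a>
</svg>"""
CLEAN = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="teal"/>
</svg>"""
```

A deny-list like this is a detection aid only; serving user-uploaded SVG with `Content-Disposition: attachment` or under a restrictive `Content-Security-Policy` keeps the script from running in the application's origin even when a file slips through.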
-
I can store a malicious payload in the affected area of the application, and every user who browses through that malicious payload gets affected.
Any help is appreciated. Thanks in advance.