The vulnerability is related to the insufficient filtration in HTMLawed. Existing filter can be bypassed and paste into the HTML tag <img> onerror event, that leads to stored XSS. I notified the developers of existing vulnerabilities and they closed it in version 2.1.1 proof: http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release vulnerable versions: 2.0 to 2.1.1 maybe 1.* versions my XSS exploit: <img alt="<img onerror=alert(1)//"<"> Screenshot with alert in attach of this message.
Attachment:
vanilla xss.png
Description: PNG image
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
