Edit report at https://bugs.php.net/bug.php?id=66722&edit=1
ID: 66722 Updated by: [email protected] Reported by: allan dot jay71 at yahoo dot com Summary: Cross-site Scripting -Status: Open +Status: Feedback Type: Bug Package: Website problem Operating System: Windows 7 PHP Version: 5.6.0alpha2 Block user comment: N Private report: N New Comment: where did you upload that svg? Previous Comments: ------------------------------------------------------------------------ [2014-02-16 05:49:07] allan dot jay71 at yahoo dot com Description: ------------ I uploaded a .SVG which contained a malicious XSS Code. code used: "><img src=x onerror=alert(document.cookie)> Test script: --------------- Code inside the .SVG FILE: "><img src=x onerror=alert(document.cookie)> Expected result: ---------------- the XSS Code will appear Actual result: -------------- Trying ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=66722&edit=1 -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
