Edit report at https://bugs.php.net/bug.php?id=66722&edit=1
ID: 66722 Updated by: [email protected] Reported by: allan dot jay71 at yahoo dot com Summary: Cross-site Scripting -Status: Feedback +Status: No Feedback Type: Bug Package: Website problem Operating System: Windows 7 PHP Version: 5.6.0alpha2 Block user comment: N Private report: N New Comment: No feedback was provided. The bug is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so and change the status of the bug back to "Re-Opened". Thank you. Previous Comments: ------------------------------------------------------------------------ [2014-02-16 19:24:17] [email protected] where did you upload that svg? ------------------------------------------------------------------------ [2014-02-16 05:49:07] allan dot jay71 at yahoo dot com Description: ------------ I uploaded a .SVG which contained a malicious XSS Code. code used: "><img src=x onerror=alert(document.cookie)> Test script: --------------- Code inside the .SVG FILE: "><img src=x onerror=alert(document.cookie)> Expected result: ---------------- the XSS Code will appear Actual result: -------------- Trying ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=66722&edit=1 -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
