XSS Vulnerability Discovered

Description:
The stored XSS can be triggered once you editing content by using Redactor 3 in HTML Mode.

POC:
1. I pen-tested the official showcase website of Redactor 3: https://imperavi.com/redactor/, it has a demo editor in its front page. 

Then, click the icon to use HTML content mode:
![image](https://user-images.githubusercontent.com/16655396/42314244-3585b756-8077-11e8-9555-d52bd617951b.png)
2.
inject XSS payload

![image](https://user-images.githubusercontent.com/16655396/42315347-cea84cb2-8079-11e8-9eba-132a6460a004.png)

3. XSS discovered!
![image](https://user-images.githubusercontent.com/16655396/42315309-b75dcfd2-8079-11e8-8591-fc6d591deb8e.png)




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

XSS Vulnerability Discovered #77

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

XSS Vulnerability Discovered #77

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions