Cross-site Scripting (XSS) - Generic in alibaba/bizcharts


Reported on

Oct 20th 2020


bizcharts is vulnerable to Cross-Site Scripting (XSS).

Steps To Reproduce:

  1. Open the NPM repo
  2. Open the demo
  3. Select any chart (I used a pie chart). Ex:
  4. Use the payload "><img/&#09;&#10;&#11; src=~onerror=alert(document.location)> and place it in item: '事例一 PAYLOAD ', percent: 0.4 },
  5. The XSS payload will get executed.
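
An application-side mitigation for the behaviour in the steps above, as an added example that is not part of the original report and is not bizcharts code: HTML-escape every string value in the chart data before it is handed to the chart. It assumes the `item` label ends up inserted into the page as HTML (the report does not say which component does this); `escapeHtml`, `sanitizeChartData` and the second sample row are hypothetical names and constructed data.

```javascript
// Added example (not bizcharts code): escape string values in chart data
// so that a label such as the one in step 4 is displayed, not parsed as markup.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
  '`': '&#96;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Returns a deep copy of the data with every string value escaped.
// Numbers, booleans and null pass through so scales and percentages still work.
// Only values are escaped; field names are assumed to be developer-controlled.
function sanitizeChartData(input) {
  if (typeof input === 'string') return escapeHtml(input);
  if (Array.isArray(input)) return input.map(sanitizeChartData);
  if (input !== null && typeof input === 'object') {
    const out = {};
    for (const [key, val] of Object.entries(input)) {
      if (key === '__proto__') continue; // do not let parsed JSON rewrite the prototype
      out[key] = sanitizeChartData(val);
    }
    return out;
  }
  return input;
}

// Constructed sample: the row shape and payload quoted in the report,
// plus one benign row.
const untrustedRows = [
  { item: '事例一 "><img/&#09;&#10;&#11; src=~onerror=alert(document.location)>', percent: 0.4 },
  { item: '事例二', percent: 0.6 },
];

const safeRows = sanitizeChartData(untrustedRows);
console.log(safeRows);
```

If the chart draws a given label as plain text (for example on a canvas), the escaped entities will appear literally, so apply this only to fields that reach an HTML sink such as an HTML tooltip or legend.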
