Cross-site Scripting (XSS) - Generic in alibaba/bizcharts
Valid
Reported on Oct 20th 2020
Description
bizcharts is vulnerable to Cross-Site Scripting (XSS).
Steps To Reproduce:
- Open NPM repo https://www.npmjs.com/package/bizcharts
- Open the demo https://bizcharts.net/product/BizCharts4/gallery
- Select any chart (I used pie chart) Ex: https://bizcharts.net/product/BizCharts4/demo/370
- Use the payload
"><img/	  src=
~onerror=alert(document.location)>
and place it in item: '事例一 PAYLOAD ', percent: 0.4 },
- XSS payload will get executed.
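A mitigation sketch for the data path in the steps above, added here as an example and not taken from the report or from bizcharts: string fields of each data row are HTML-escaped before the rows are handed to a chart. It assumes the chart inserts those strings into the DOM as HTML, which the report implies but does not show; `escapeHtml`, `sanitizeRows`, `findSuspiciousRows` and `sampleRows` are hypothetical names.

```javascript
// Added example: neutralise markup in chart data rows before rendering.
// Assumption: string fields end up in the DOM as HTML (not shown in the report).

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Replace every character that can open a tag, attribute or entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Returns new row objects; numbers and other non-strings pass through unchanged.
function sanitizeRows(rows) {
  return rows.map((row) => {
    const clean = {};
    for (const [key, value] of Object.entries(row)) {
      clean[key] = typeof value === 'string' ? escapeHtml(value) : value;
    }
    return clean;
  });
}

// Detection helper: rows whose string fields carry tag or attribute delimiters.
function findSuspiciousRows(rows) {
  return rows.filter((row) =>
    Object.values(row).some(
      (v) => typeof v === 'string' && /[<>"'`]/.test(v)
    )
  );
}

// Constructed sample in the { item, percent } shape used by the demo.
// The second label carries the report's payload, joined onto one line.
const sampleRows = [
  { item: '事例一', percent: 0.4 },
  { item: '事例二 "><img/ src=~onerror=alert(document.location)>', percent: 0.21 },
];

const safeRows = sanitizeRows(sampleRows);
console.log(findSuspiciousRows(sampleRows).length, safeRows[1].item);
```

Escaping at the data boundary only fits sinks that treat the value as HTML; where the chart renders a field as plain text, the entities would be displayed literally.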