Cross-site Scripting (XSS) - Stored in vanessa219/vditor
Jan 23rd 2022
The Vanessa219/vditor is a markdown editor supported by browsers. When a user creates a link using the markdown syntax, the server does not URL-encode the double-quotes, so the user can escape the href attribute and trigger XSS using the on* attribute.
Proof of Concept
XSS PoC : [xss](https://google.com/"//onmousemove="alert(document.domain)) > I can insert an onerror. But I can't log in without a Chinese phone number, so I can't test 1. Open the https://ld246.com/guide/markdown 2. Enter the XSS PoC (Strangely, it doesn't insert at once, so I have to try inserting several times) 3. When the user hovers the mouse over the link, XSS is triggered via a mouse event. Video : https://www.youtube.com/watch?v=pKQMbrezdCs
Through this vulnerability, an attacker is capable to execute malicious scripts.