External Links in New Window / New Tab < 1.43 - Unauthenticated Stored Cross-Site Scripting
Description
The plugin does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.
Proof of Concept
On any post on the affected site, add the following link to a comment:
<a href="http://domain.tld/'-alert(1)-'/">Click here for XSS</a>
Click the link; an alert box should appear.
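
The flaw described above, as an added example that is not the plugin's own code: it contrasts pasting a URL between quotes in an onclick handler with emitting it as an escaped JavaScript string literal. The `window.open('...')` handler template and all function names are assumptions, and the handler source is run against stub `window` and `alert` objects so the result can be observed in Node without a browser.

```javascript
// Added illustration. The handler template is hypothetical; the plugin's
// real source is not shown on the page.

// Vulnerable pattern: the URL is pasted between single quotes in handler source.
function unsafeHandler(url) {
  return "window.open('" + url + "'); return false;";
}

// Hardened pattern: JSON.stringify yields a valid JS string literal, so quotes
// in the URL stay data. "<" and line separators are escaped as well.
function safeHandler(url) {
  const literal = JSON.stringify(String(url))
    .replace(/</g, "\\u003c")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
  return "window.open(" + literal + "); return false;";
}

// HTML-attribute-encode a value before writing it inside attr="...".
function escapeAttr(s) {
  return s.replace(/[&<>"']/g, c => "&#" + c.charCodeAt(0) + ";");
}

// Both layers together: JS-literal escaping first, then attribute encoding.
function renderLink(url) {
  return '<a href="' + escapeAttr(url) + '" onclick="' +
    escapeAttr(safeHandler(url)) + '">link</a>';
}

// Run handler source against stubs and record which functions it reaches.
function trace(handlerSource) {
  const calls = [];
  const fakeWindow = { open: u => { calls.push(["open", u]); } };
  const fakeAlert = v => { calls.push(["alert", v]); };
  new Function("window", "alert", handlerSource)(fakeWindow, fakeAlert);
  return calls;
}

const POC_URL = "http://domain.tld/'-alert(1)-'/"; // href from the PoC above

console.log(trace(unsafeHandler(POC_URL))); // the stub alert is reached
console.log(trace(safeHandler(POC_URL)));   // only window.open, URL intact
console.log(renderLink(POC_URL));
```

Dropping the inline handler altogether, for example `target="_blank"` with `rel="noopener"` or a listener attached with `addEventListener`, removes the string-building step where this bug lives.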