Cross-site Scripting (XSS) - Stored in vanessa219/vditor
Dec 10th 2021
The editor has an XSS vulnerability.
Proof of Concept
payload: </a> <svg><animate onbegin=alert(11) attributeName=x dur=1s>
Open the editor at https://ld246.com/guide/markdown and enter the payload; the XSS vulnerability is triggered.
This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie.
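A regression check for the editor's rendered HTML, as an added example that is not part of the original report or of vditor's code: it flags any inline event-handler attribute, such as the onbegin in the payload above. The helper names findEventHandlers and escapeHtml and the escaping mitigation are assumptions; a production renderer should rely on a DOM-based allowlist sanitizer rather than regular expressions.

```javascript
// Added example (not vditor code). PAYLOAD is the string from the report;
// findEventHandlers and escapeHtml are hypothetical helper names.
const PAYLOAD = '</a> <svg><animate onbegin=alert(11) attributeName=x dur=1s>';

// Report every attribute whose name starts with "on" in any start tag.
// Matching on the "on" prefix catches onbegin, which a list of common
// handlers (onclick, onerror, onload) would miss.
function findEventHandlers(html) {
  const findings = [];
  // Start tag: name, then attributes; quoted values may contain ">".
  const tagRe = /<([a-zA-Z][^\s\/>]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
  // Attribute name with an optional quoted or bare value.
  const attrRe = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'=<>`]+))?/g;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    attrRe.lastIndex = 0;
    let attr;
    while ((attr = attrRe.exec(tag[2])) !== null) {
      if (/^on/i.test(attr[1])) {
        findings.push({
          element: tag[1].toLowerCase(),
          attribute: attr[1].toLowerCase(),
        });
      }
    }
  }
  return findings;
}

// Assumed mitigation: emit raw HTML from Markdown input as text.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

console.log(findEventHandlers(PAYLOAD));             // payload passed through as HTML
console.log(findEventHandlers(escapeHtml(PAYLOAD))); // payload after escaping
```

Run the check over the HTML your renderer emits for a corpus of test inputs, and fail the build when it returns any finding.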