MinDoc has a stored XSS vulnerability due to not filtering the onfocus attribute.

1.Edit the article create an input box with the 'onfocus' attribute

<img width="1912" height="954" alt="Image" src="https://github.com/user-attachments/assets/4956b8f4-52ec-49f6-84e9-fc409ab6aaea" />

2. save and Publish

<img width="1912" height="954" alt="Image" src="https://github.com/user-attachments/assets/0991825a-2930-4a57-b871-2b4ddaff20aa" />

3.Anyone who visits this article and clicks on this input box will trigger XSS.
(I used another browser without logging in to test)

<img width="1920" height="945" alt="Image" src="https://github.com/user-attachments/assets/8e956b50-c492-4a05-8209-6b7366484840" />


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

MinDoc has a stored XSS vulnerability due to not filtering the onfocus attribute. #1008

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

MinDoc has a stored XSS vulnerability due to not filtering the onfocus attribute. #1008

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions