
XSS Vulnerability in Guidance Explorer

description

Steps to reproduce
1) Create a new item with the title: "Coding Guidelines <Script>while(true){alert('XSS');}</Script>"
NOTE: A large number of spaces between the realistic-sounding title and the script tags hides the script when the item is viewed in the list viewer, because the control does not show the entire title.
2) Notice that upon viewing this item, Guidance Explorer runs the script.

Additionally, HtmlEditControl.ValidateHtml() does not appear to follow the guidance for sanitizing user input that is rendered as HTML.
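As an added illustration (not code from this report or from Guidance Explorer; the function and class names, the allowlist, and the shortened padding are assumptions), the following contrasts rendering the reported title verbatim with HTML-encoding it after collapsing the padding, and shows the kind of allowlist sanitizer that a ValidateHtml() routine would need to apply to rich-text input:

```python
import html
import re
from html.parser import HTMLParser

# Title from the report above; the padding is constructed and shortened for readability.
REPORTED_TITLE = "Coding Guidelines" + " " * 40 + "<Script>while(true){alert('XSS');}</Script>"

# Assumed allowlist for a rich-text item body: tags to keep and attributes allowed per tag.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "ul", "ol", "li", "br", "a"}
ALLOWED_ATTRS = {"a": {"href"}}


def render_title_vulnerable(title: str) -> str:
    """Interpolates the title verbatim into an HTML list row, so its markup executes."""
    return f"<li>{title}</li>"


def render_title_safe(title: str) -> str:
    """Collapses padding whitespace so the whole title stays visible, then HTML-encodes it."""
    compact = re.sub(r"\s+", " ", title).strip()
    return f"<li>{html.escape(compact, quote=True)}</li>"


class AllowlistSanitizer(HTMLParser):
    """Rebuilds a fragment keeping only allowlisted tags/attributes; script bodies are dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside <script> or <style>, whose text is discarded

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            if tag in ("script", "style"):
                self.skip_depth += 1
            return  # unknown tag is dropped, its text content is kept
        kept = []
        for name, value in attrs:
            value = value or ""
            if name in ALLOWED_ATTRS.get(tag, set()) and not value.lower().lstrip().startswith("javascript:"):
                kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # e.g. <br/> without emitting a stray </br>

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.skip_depth == 0:
            self.out.append(html.escape(data, quote=False))  # text is re-encoded, never trusted


def sanitize_html(fragment: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)
```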

comments