a XSS vulnerability
jinmu1108 opened this issue · comments
Describe the bug
Everyone can take advantage of a XSS vulnerability in the URL.
To Reproduce
Enter website address https://lavalite.org/docs/master/%22%3e%3csvg%20onload=alert (1) % 3e
Expected behavior
Filter keywords such as onload and svg
Impact
Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site.
Screenshots
OS: Windows
Browser: Google
Version: 122.0.6261.131