Issue
- We've observed an XSS vulnerability when using a Web Content Article's source code.
- The vulnerability appears to be present when a payload is deployed via the article's source code.
- Steps to reproduce:
  - Create a Web Content Article.
  - Edit the <> Source Code and add the payload:
    synack<img src=x onerror=alert(location)>
  - Publish.
  - Attempt to edit/preview the article and observe that a pop-up window appears containing what appears to be a path to the article.
Environment
- DXP 7.3
Resolution
- This behavior has been addressed in LPE-17988. Please request a hotfix including this LPE to resolve the behavior.
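
To review existing articles for markup like the payload in the reproduction steps, the following added example (not Liferay code and not part of LPE-17988) scans article source for inline event-handler attributes and script elements. The article ids and the benign sample are constructed; how the source is exported from DXP is left to the environment.

```python
from html.parser import HTMLParser


class ActiveMarkupFinder(HTMLParser):
    """Records markup that can execute script when an article is rendered."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line, tag, reason)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so ONERROR= is caught too.
        line, _ = self.getpos()
        if tag == "script":
            self.findings.append((line, tag, "script element"))
        for name, _value in attrs:
            # HTML event-handler attributes start with "on" (onerror, onload, ...).
            if name.startswith("on"):
                self.findings.append((line, tag, f"event handler {name}"))


def scan_source(source):
    """Return the findings for one article's source code."""
    finder = ActiveMarkupFinder()
    finder.feed(source)
    finder.close()
    return finder.findings


def audit(articles):
    """Map article id -> findings, listing only articles that need review."""
    report = {}
    for article_id, source in articles.items():
        findings = scan_source(source)
        if findings:
            report[article_id] = findings
    return report


# Constructed sample data: the ids and the benign article are made up;
# the second entry is the payload from the reproduction steps.
SAMPLE_ARTICLES = {
    "article-1": '<p>Quarterly report</p>\n<img src="/images/chart.png" alt="online sales">',
    "article-2": "synack<img src=x onerror=alert(location)>",
}

if __name__ == "__main__":
    for article_id, findings in audit(SAMPLE_ARTICLES).items():
        for line, tag, reason in findings:
            print(f"{article_id}: line {line}: <{tag}> {reason}")
```

A finding marks an article for manual review; it does not replace the hotfix.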