You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Insert an XSS into SEOTools::setTitle(); or SEOTools::setDescription();
View Site
<script type="application/ld+json">{"@context":"https://schema.org","@type":"WebPage","name":"<script>alert(0)</script> on Bazaar","description":"<script>alert(0)</script> on Bazaar in Custom at Aug 1, 2024 with: xxx","image":"https://blobs-infiniteugc.svc.halowaypoint.com/ugcstorage/map/298d5036-cd43-47b3-a4bd-31e127566593/5546a6ec-841d-4955-be7a-5f32c3ac0428/images/thumbnail.png"}</script>
What is the expected result?
Nothing happens, but encoded text.
What do you get instead?
An XSS
Additional info
Q
A
This Package Version
1.3.1
Laravel Framework Version
11.x
Should the package be cleansing data prior to writing to tags? Or is it up to me to cleanse data prior to injecting into library?
The text was updated successfully, but these errors were encountered:
What steps will reproduce the problem?
SEOTools::setTitle();orSEOTools::setDescription();What is the expected result?
What do you get instead?
Additional info
Should the package be cleansing data prior to writing to tags? Or is it up to me to cleanse data prior to injecting into library?
The text was updated successfully, but these errors were encountered: