xss - Reflected Cross Site Scripting issue

[webhamm]

How to reproduce

1. Navigate to the below URL.
   http://wysibb.com/demo/
2. Click on “Insert image” button.
3. Enter this below payload in input field and click on “Save” button.
   https://test.github.com/test/?">.jpg
4. Now Again click on "save” button.
5. Observe that an alert box is displayed in the browser which proves Reflected
   Cross Site Scripting.

[webhamm]

https://test.github.com/test/?"><iMg src=N onerror=alert(document.cookie)>.jpg

[Q8hma]

this is the code
.replace(/\&lt;/g,"<").replace(/\&gt;/g,">").replace(/\&#123;/g,"{").replace(/\&#125;/g,"}");

but where to put it :)

[neuoy]

To turn this into an actual XSS attack, you have to make the server accept and publish your bbcode ; so I'm not sure where WysiBB is concerned by this issue. Isn't the server-side parser + conversion to HTML that must be secure enough to detect such attacks? Unless you want to trick a user into copy/pasting your image link in the editor (but then you could also trick him into pasting javascript code in the browser console...)