WARNING Javascript Injection possible!
How to reproduce:
- Go to a contact-form-7 form in the frontend.
- Add the following code into e.g. a textarea field:
this is a <script>alert('TEST')</script>
- Submit the form.
- Go to the backend, into “Advanced CF7 DB”, select your submitted form
- Edit the entry you just submitted
Expected Behaviour: you can edit the submitted text, the “<” and “>” are html_encoded.
Actual Behaviour: the alert message pops up.
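
The output escaping the report expects, as an added example that is not part of the original post and not the plugin's own code. The `render_entry_cell_*` functions and the `your-message` field name are hypothetical, and the `esc_html()` / `esc_attr()` shims only stand in for the WordPress core functions of the same name so the file runs outside WordPress.

```php
<?php
// Added example: hypothetical admin-side renderer for one stored form value.
// It is not Advanced CF7 DB's code; it only contrasts raw and escaped output.

// Stand-ins so this file runs outside WordPress. Inside WordPress the core
// esc_html() and esc_attr() are already defined and these are skipped.
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}

// Before: the stored submission is concatenated into the page as markup,
// so a <script> element typed into the form runs in the admin's session.
function render_entry_cell_unescaped($field, $value) {
    return '<td data-field="' . $field . '">' . $value . '</td>';
}

// After: escape at output time, per context. Element content goes through
// esc_html(), attribute values through esc_attr(). The stored value itself
// stays unmodified, so editing and saving it again does not corrupt it.
function render_entry_cell_escaped($field, $value) {
    return '<td data-field="' . esc_attr($field) . '">'
         . esc_html($value) . '</td>';
}

// Constructed sample: the text submitted in the report above.
$submitted = "this is a <script>alert('TEST')</script>";

$raw  = render_entry_cell_unescaped('your-message', $submitted);
$safe = render_entry_cell_escaped('your-message', $submitted);

// Simple regression check a plugin test could carry: escaped output must
// not contain a literal <script tag, raw output does.
$has_tag = function ($html) {
    return stripos($html, '<script') !== false;
};

echo "unescaped: $raw\n";
echo "escaped:   $safe\n";
echo 'unescaped contains <script: ', $has_tag($raw) ? 'yes' : 'no', "\n";
echo 'escaped contains <script:   ', $has_tag($safe) ? 'yes' : 'no', "\n";
```

If the edit screen places the value in a `<textarea>`, WordPress's `esc_textarea()` is the matching escaper for that context.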