XSS via HTML5 Events All over again

XSS via HTML5 Events All over again

Back in 2018 I wrote a post about finding and exploiting XSS using the new(ish) event handlers in HTML 5. Those techniques paid out recently and I thought I'd write up the situation. Using the lists provided in the earlier post I discovered the application allowed an "SVG" tag. Within that tag it allowed the… Continue reading XSS via HTML5 Events All over again