Ticket ID: 21913
|
Creation Date: 8/24/2015 8:24 AM
|
Product: SiteKiosk Classic Windows
|
Attachment: -
|
TicketType: Support Request
|
Version: -
|
Language: English
|
Views: 36078
|
Last Modification Date: 9/22/2015 9:49 AM
|
Platform:
Windows
|
|
Level: Closed
|
IE: 8.0 |
|
Bug Status: Not Fixed
|
User account: Unknown
|
Bug Frequency: Unknown
|
|
Support Request: Hong Kong International Airport Sitekiosk Browser can perform a XSS attack
Reproduction
Set a JavaScript filter
With the default setting, the browser blocked 'JavaScript:' that don't allow us to run custom JavaScript code. Unfortunately, we found that we can run custom JavaScript with the 'about:' page.
Example: <script>alert("XSS")</script>
thank you