An issue was discovered in Valine v1.3.10. It allows an XSS attack, which leads to arbitrary JavaScript code execution, such as a redirect to any URL.
- XSS
payload:
<details open ontoggle=top[8680439..toString(30)](1);>

When the payload is pasted into the comment area, the JS code is executed repeatedly, and if you post it with Burp or any other tool, this payload becomes a stored XSS on this page.
With this XSS, you can redirect to any URL you want.
payload:
<details open ontoggle=window.location.replace('https://www.google.com');>
Fix the vulnerability: please use HTML entity encoding.
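A sketch of the HTML entity encoding fix suggested above, as an added example that is not Valine's own code. The names `escapeHtml` and `renderComment` and the `nick`/`comment` fields are assumptions for illustration. Encoding is applied at render time, because a stored comment can be submitted directly over HTTP without passing through the comment box.

```javascript
// Added example (not Valine source): entity-encode untrusted comment fields
// before they are placed into the page's HTML.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
  '`': '&#96;',
  '=': '&#61;',
};

// Encode every character that can open a tag, close an attribute value,
// or start an attribute assignment. Non-string input is coerced first.
function escapeHtml(value) {
  if (value === null || value === undefined) return '';
  return String(value).replace(/[&<>"'`=]/g, (ch) => HTML_ENTITIES[ch]);
}

// Hypothetical renderer: every field read from storage is treated as
// untrusted and encoded here, regardless of how it was submitted.
function renderComment(record) {
  const nick = escapeHtml(record.nick);
  // Line breaks are converted only after encoding, so the <br> tags are
  // the only markup the comment body can contribute.
  const body = escapeHtml(record.comment).replace(/\r?\n/g, '<br>');
  return `<div class="comment"><span class="nick">${nick}</span><p>${body}</p></div>`;
}

// Constructed sample record using the redirect payload shown on this page.
const sampleRecord = {
  nick: 'tester',
  comment: "<details open ontoggle=window.location.replace('https://www.google.com');>",
};

// The payload is rendered as inert text instead of a <details> element.
console.log(renderComment(sampleRecord));
```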
- Bypass verification code to send comment
In this comment system, if you capture this HTTP request, you can send any comment without a verification code. You can even fake your comment time, UA, etc.
