Exploiting XSS via Markdown

I recently came across a web application in which I was able to exploit a Cross-Site Scripting (XSS) vulnerability through a Markdown editor and rendering package. It was the first time I had come across this type of vulnerability, and I found it particularly interesting because it allowed me to bypass multiple layers of XSS filtering that were implemented in the application. Here’s a short article on how I came across the vulnerability and set about crafting an exploit....

8 February 2019 | 7 min | 1350 words | Jakob Pennington