id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
1658	XSS Injection with img tag	fanfarian		"Hi there,

If you use:
{{{
<img src=""image.jpg"" onload=""alert('valid cross-site scripting');"" />
}}}
there is an XSS Injection possible.[[BR]]
Enter this into the source code of an FCK window, just preview the Site and the JS executes.

Browser: Firefox 2.0.0.11 (latest)[[BR]]
OS: WinXP SP2[[BR]]
FCKG: Version 2.5 Build 17352[[BR]]
Using FCK with PHP5 [[BR]]


cheers[[BR]]
fanfarian
"	Bug	closed	Normal		General	FCKeditor 2.5	invalid	Pending	
