JavaScript Injection / ImageScript Injection

Hi,

currently it is possible to inject JS-Code into some COT-Fields and this code is executed on the client.

e.g.

or

This injection is an open door for some greater hacks. Is there some mitigation to this problem?