Hugging Face's logo

Spaces:
attacker-exploiting-everyone
/
testingspace
Running

App Files Community
3
testingspace / hello.md
datoto9019's picture
datoto9019
Create hello.md
e2fc407 verified
preview code
|
raw
history blame
408 Bytes

Malicious Markdown File

XSS Injection via HTML Tags

Click on this link:

Click me!

Malicious Image

![Evil Image](javascript:alert('Image XSS Vulnerability!'))

Inline Script Injection in Link

[Click Here](javascript:alert('XSS from Link!'))

Code Block Execution