Malicious mailto link
This is a demonstration page for an XSS vulnerability caused by careless use of eval() in a Greasemonkey script. Go here for details.
Usage:
- Install Greasemonkey.
- Install the vulnerable userscript.
- Reload this page. If everything worked, you should be greeted with a JavaScript alert() box.
Links:
- Original URL of the userscript (the issue is to be fixed).
- Here is a local copy of the vulnerable userscript, in case you want to try out the problem yourself.