"><img Src =q Onerror=prompt(8)> May 2026

The following example illustrates the vulnerability:

The "onError" attribute in HTML is used to specify a JavaScript function to be executed when an image fails to load. However, this attribute can also be exploited to execute arbitrary JavaScript code, potentially leading to security vulnerabilities. "><img src =q onError=prompt(8)>

<img src="q" onError="prompt(8)"> In this example, the image tag attempts to load an image from a non-existent URL "q". Since the image fails to load, the JavaScript code in the "onError" attribute is executed, displaying a prompt box with the message "8". potentially leading to security vulnerabilities. &lt