
fix: Fixed a reflected XSS in the sharing group creator tool

- Fixed a reflected XSS in the sharing group editor that requires malicious organisation names

- Low impact due to the following requirements:
  - organisation names with malicious org names (JS in the orgname)
  - sharing group editor user has to manually add an organisation to the list that has javascript in the org name
  - only vulnerable view is the editor itself, so the impact is limited to
    users that manually add organisations with malicious names to the list themselves / edit such sharing groups

- As reported by Dawid Czarnecki
iglocska committed Nov 13, 2017
1 parent 9c068f4 commit a659664447a7b2a383cb9e0f6b43dcb43ec69194
Showing with 2 additions and 2 deletions.
  1. +1 −1 app/Controller/AppController.php
  2. +1 −1 app/webroot/js/misp.js
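As an added illustration (not MISP's own code) of the escaping this commit introduces, the row builder below applies the same HTML escaping to every interpolated field of the organisation row, not only `org.name`. `escapeHtml`, `renderOrgRow`, `containsRawTag` and the sample organisation are constructed for this example.

```javascript
// Added example, not code from the MISP repository: escape each untrusted
// field before concatenating it into an HTML string, mirroring the
// $('<div>').text(org.name).html() round trip from misp.js but applied to
// id, type, name and uuid alike. No jQuery needed.
function escapeHtml(value) {
  // Encodes the characters a text-node serialisation neutralises (&, <, >)
  // plus both quote characters, so the result is also safe in attribute values.
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Builds one sharing-group organisation row; every dynamic value is escaped.
function renderOrgRow(org, id) {
  let html = '<tr id="orgRow' + escapeHtml(id) + '" class="orgRow">';
  html += '<td class="short">' + escapeHtml(org.type) + '&nbsp;</td>';
  html += '<td>' + escapeHtml(org.name) + '&nbsp;</td>';
  html += '<td>' + escapeHtml(org.uuid) + '&nbsp;</td>';
  html += '</tr>';
  return html;
}

// Defensive check usable in a unit test: does the rendered markup still
// contain a raw <script> tag opening?
function containsRawTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample organisation whose name carries markup, as described
// in the commit message ("JS in the orgname"). The UUID is a placeholder.
const sampleOrg = {
  type: 'local',
  name: 'ACME & Sons <script>x</script>',
  uuid: 'PLACEHOLDER-UUID',
};
```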
@@ -46,7 +46,7 @@ class AppController extends Controller {
public $helpers = array('Utility');
private $__queryVersion = '23';
private $__queryVersion = '24';
public $pyMispVersion = '2.4.82';
public $phpmin = '5.6.5';
public $phprec = '7.0.16';
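Review bot: the `$__queryVersion` bump from '23' to '24' in this hunk is not explained anywhere in the commit message, which only describes the XSS fix in the sharing group editor; add a sentence to the message (or a comment beside the field) stating why the version is incremented together with the misp.js change, so the two edits can be reviewed and audited as one fix.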
@@ -2058,7 +2058,7 @@ function sharingGroupPopulateOrganisations() {
organisations.forEach(function(org) {
html = '<tr id="orgRow' + id + '" class="orgRow">';
html += '<td class="short">' + org.type + '&nbsp;</td>';
html += '<td>' + org.name + '&nbsp;</td>';
html += '<td>' + $('<div>').text(org.name).html() + '&nbsp;</td>';
html += '<td>' + org.uuid + '&nbsp;</td>';
html += '<td class="short" style="text-align:center;">';
if (org.removable == 1) {
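Review bot: the escaping added for `org.name` is not applied to the other values interpolated in the same template: `id` (`'<tr id="orgRow' + id + '"'`), `org.type` (`'<td class="short">' + org.type + '&nbsp;</td>'`) and `org.uuid` are still concatenated raw into the HTML string. Apply the same `$('<div>').text(...).html()` round trip to each of them, or build the row with DOM/jQuery `.text()` calls instead of string concatenation, so a later change to where these values originate cannot reintroduce the same class of bug. Note also that `.text(...).html()` encodes `<`, `>` and `&` but not quote characters, which is sufficient for element content as used here but not if the same idiom is reused inside an attribute value such as the `id`.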
