Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security bug - Reflected XSS #53

Closed
Fadavvi opened this issue Oct 22, 2018 · 3 comments
Closed

Security bug - Reflected XSS #53

Fadavvi opened this issue Oct 22, 2018 · 3 comments

Comments

@Fadavvi
Copy link

Fadavvi commented Oct 22, 2018

Hi,

I try to register on your forum for reporting this bug, but my registration request didn't responded.
so:

Bug Title: Reflected XSS

Product(s): MailCleaner CE 2018.08 & MailCleaner CE 2018.09

Tested on: Centos7/Firefox & Win10/Firefox

PoC URI: https://[IP]/admin/login/user/message/%3Csvg%20onload=alert(%22@darknetguy%22)%3E

BR,

Milad Fadavvi

@0xMentorNotAPseudo
Copy link
Contributor

Dear Fadavvi,

Thank you for your report.
Our team are looking at your POC and will let you know.

Best Regards,
Mentor Reka

@0xMentorNotAPseudo
Copy link
Contributor

Hi,

I confirm your bug. I'll deploy in few minutes a bug fix.
Last but not least, for people looking at this issue and wanting to test the POC, you need to disable the XSS Auditor if you are using a modern and up-to-date browser.

Thank you again for your contribution @Fadavvi !

Best Regards,
Mentor Reka

0xMentorNotAPseudo added a commit that referenced this issue Oct 24, 2018
Bug fix of a XSS issue on MailCleaner login (administration) interface. See issue #53 
The "message" parameter was only used for the logoutAction(). However, the parameter was not checked and not escaped.
@0xMentorNotAPseudo
Copy link
Contributor

The fix was published on the master branch. See 5f90a52

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants