Security Issue - XSS - CVE-2015-2796 #37

Closed
jaydipdave opened this issue Mar 31, 2015 · 6 comments
@jaydipdave

An attacker can pass this URL (with an XSS payload) to a victim (a user of ProjectPier) and can make the victim perform some tasks or can infect the user. The vulnerability is XSS.

http://www.prop.com/public/index.php?c=project&a=search&active_project=1&search_for=%3Cscript%3Ealert%28420%29%3B%3C%2Fscript%3E

The search_for parameter is not getting sanitized. You can use CVE-2015-2796 cve-id in your announcements when you fix this vulnerability.

Thanks,
Jaydeep
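
The unencoded `search_for` reflection described in the report, beside an output-encoded version, as an added example that is not part of the original thread and is not ProjectPier's code or its committed fix. The function names `render_unsafe`, `render_safe` and `h`, the markup, and the second search term are hypothetical.

```php
<?php
// Added illustration, not ProjectPier code; function names are hypothetical.

// Constructed input: the query string from the URL in the report.
$query = 'c=project&a=search&active_project=1'
       . '&search_for=%3Cscript%3Ealert%28420%29%3B%3C%2Fscript%3E';
parse_str($query, $params);            // URL-decodes values the way $_GET does
$reported = $params['search_for'] ?? '';

// Vulnerable pattern: the decoded value is concatenated into HTML unchanged.
function render_unsafe(string $term): string
{
    return '<input name="search_for" value="' . $term . '">'
         . '<h2>Results for ' . $term . '</h2>';
}

// Encode for HTML at output time. ENT_QUOTES also covers quoted attribute
// values; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(string $term): string
{
    return '<input name="search_for" value="' . h($term) . '">'
         . '<h2>Results for ' . h($term) . '</h2>';
}

// Second constructed term: an ordinary search containing a quote, & and <.
$terms = [$reported, '15" display & <wall mount>'];

foreach ($terms as $term) {
    $unsafe = render_unsafe($term);
    $safe   = render_safe($term);
    // The template itself contains three '<' and four '"'; any more means
    // the value changed the markup instead of staying inert text.
    $intact = substr_count($safe, '<') === 3 && substr_count($safe, '"') === 4;
    echo "term:   $term\n";
    echo "unsafe: $unsafe\n";
    echo "safe:   $safe\n";
    echo 'markup intact after encoding: ' . ($intact ? 'yes' : 'no') . "\n\n";
}
```

Encoding is applied where the value is written into HTML, so the stored or logged search term stays unmodified and the same helper covers both the element text and the quoted attribute value.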

@JonDeG
Contributor

JonDeG commented Apr 2, 2015

Acknowledging receipt, thanks for reporting. Reporting it privately would have been appreciated.

@JonDeG
Contributor

JonDeG commented Apr 2, 2015

Proposed fix committed, would appreciate someone verifying ASAP.

@jaydipdave
Author

Extremely sorry, I searched for the "Private Message" option on GitHub, but couldn't find it. So posted here.

I am verifying it now.

@jaydipdave
Author

Verified. Issue is fixed.

Thanks.

@JonDeG
Contributor

JonDeG commented Apr 3, 2015

No problem, it is mitigated by the fact that the user has to be logged in and it turned out to be an easy fix. Also, did you also post this: #29 ? That person never got back to me and I was wondering if it was the same issue. Thx.

@jaydipdave
Author

Nope, I didn't post #29. May be the same issue. By the way, I audited
Project Pier for SQL and XSS but couldn't find anything other than this.

On Thu, Apr 2, 2015 at 8:10 PM, JonDeG notifications@github.com wrote:

> No problem, it is mitigated by the fact that the user has to be logged in
> and it turned out to be an easy fix. Also, did you also post this: #29 ? That
> person never got back to me and I was wondering if it was the same issue.
> Thx.



JonDeG added a commit that referenced this issue Apr 3, 2015
Commit to fix Security Issue - XSS - CVE-2015-2796 reference issue #37