The latest version of Snorby is vulnerable to a cross-site scripting attack.
These are the steps to reproduce the bug:
The output from the page snorby/app/views/events/_menu.html.erb is not properly sanitized before rendering:
```erb
<% @classifications.each do |cls| %>
  <% if cls.locked && cls.hotkey %>
    <%= drop_down_item "#{cls.name}#{cls.shortcut}", '#', nil, { :class => 'classification', :"data-classification-id" => cls.id.to_i } %>
  <% else %>
    <%= drop_down_item "#{cls.name}", '#', nil, { :class => 'classification', :"data-classification-id" => cls.id.to_i } %>
  <% end %>
<% end %>
```
A simple XSS mitigation in Rails could be the use of sanitize; for example, the code below filters the XSS vector by removing the onerror attribute from the image tag:
```erb
<% @classifications.each do |cls| %>
  <% if cls.locked && cls.hotkey %>
    <%= drop_down_item "#{sanitize cls.name}#{cls.shortcut}", '#', nil, { :class => 'classification', :"data-classification-id" => cls.id.to_i } %>
  <% else %>
    <%= drop_down_item "#{sanitize cls.name}", '#', nil, { :class => 'classification', :"data-classification-id" => cls.id.to_i } %>
  <% end %>
<% end %>
```
This is a demonstration screenshot:
Thanks for the detailed report. I confirmed this was a problem and pushed a fix.
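
A regression check for the template reported in this issue, as an added example that is not Snorby's code or the fix the maintainer pushed. It swaps the Rails `sanitize` call for plain HTML escaping with the standard library's `ERB::Util.html_escape`, which leaves no tag at all in the label. The `Classification` struct, the three-argument `drop_down_item` stand-in, the sample records and the decision to filter `shortcut` as well are assumptions made for illustration.

```ruby
require 'erb'

# Constructed stand-in for a classification record (not Snorby's model).
Classification = Struct.new(:id, :name, :shortcut, :locked, :hotkey)

# Hypothetical stand-in for the drop_down_item helper: it places the label
# into the link unchanged, so any filtering must happen before the call.
def drop_down_item(label, href, data_id)
  %(<a href="#{href}" class="classification" data-classification-id="#{data_id}">#{label}</a>)
end

# Template shaped like _menu.html.erb; `clean` is the output filter under test.
MENU = ERB.new(<<~'TPL', trim_mode: '-')
  <%- classifications.each do |cls| -%>
  <%- label = cls.locked && cls.hotkey ? "#{clean.(cls.name)}#{clean.(cls.shortcut)}" : clean.(cls.name) -%>
  <%= drop_down_item(label, '#', cls.id.to_i) %>
  <%- end -%>
TPL

RAW    = ->(s) { s.to_s }                   # behaviour reported in the issue
ESCAPE = ->(s) { ERB::Util.html_escape(s) } # every field rendered as text

def render_menu(classifications, clean)
  MENU.result(binding)
end

# Each menu item should contribute exactly two '<' (its <a> and </a>).
# Any extra one means a stored field reached the page as markup.
def injected_markup?(html, item_count)
  html.count('<') != 2 * item_count
end

# Constructed sample data: one ordinary record and one hostile name.
SAMPLE = [
  Classification.new(1, 'False Positive', ' F2', true, true),
  Classification.new(2, '<img src=x onerror=alert(1)>', nil, false, false)
].freeze

if $PROGRAM_NAME == __FILE__
  { 'raw' => RAW, 'escaped' => ESCAPE }.each do |label, filter|
    html = render_menu(SAMPLE, filter)
    puts "#{label}: injected markup = #{injected_markup?(html, SAMPLE.size)}"
    puts html
  end
end
```

In a Rails app the same assertion fits a view or helper test that renders the real partial with a hostile classification name.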