XSS vulnerability #431

Closed
Ekzorcist opened this issue Jun 10, 2018 · 4 comments · Fixed by #558
@Ekzorcist

Auto-reviewers: @NiharikaRay @matthewwardrop @earthmancash @danfrankj

Hello, guys!

There is a cross-site scripting (XSS) vulnerability in Knowledge Repo 0.7.4 (other versions may be affected as well) which allows remote attackers to inject arbitrary JavaScript via the post comments functionality.

Steps to reproduce:
Just open any post like this https://site.com/post/posts/new_report.kp
and add the following code as a comment/PoC:

<script>alert("Client side attacks is possible here!");</script>

Impact: An unauthenticated evil user can leverage the vulnerability to conduct various types of client-side attacks, for example, conducting browser mining, redirecting users to malicious sites or hijacking the user’s browser using malware.

As irrefutable evidence, please take a look at the attached screenshot.

Mitigation: Details on how to prevent XSS can be found here: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

PoC:
xss
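
The output-encoding mitigation the report links to, shown next to the vulnerable pattern, with a regression check run against the PoC comment above. This is an added example, not part of the original issue and not Knowledge Repo's code; the function names, the comment markup and the allow-lists are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample input: the proof-of-concept comment from the report above.
POC_COMMENT = '<script>alert("Client side attacks is possible here!");</script>'


def render_comment_unsafe(author, text):
    """Vulnerable pattern: user input is concatenated into markup verbatim."""
    return '<div class="comment"><b>' + author + '</b><p>' + text + '</p></div>'


def render_comment_safe(author, text):
    """Hardened pattern: HTML-encode every user-controlled value on output."""
    safe_author = html.escape(author, quote=True)
    # Escape first, then add the only markup we intend (line breaks).
    safe_text = html.escape(text, quote=True).replace("\n", "<br>")
    return '<div class="comment"><b>' + safe_author + '</b><p>' + safe_text + '</p></div>'


class _TagCollector(HTMLParser):
    """Records every element and attribute an HTML parser sees in the output."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.extend(name for name, _ in attrs)


ALLOWED_TAGS = {"div", "b", "p", "br"}  # markup this (hypothetical) template emits
ALLOWED_ATTRS = {"class"}


def injected_markup(rendered):
    """Return tags/attributes in the output that the template did not emit."""
    parser = _TagCollector()
    parser.feed(rendered)
    parser.close()
    bad_tags = sorted(set(parser.tags) - ALLOWED_TAGS)
    bad_attrs = sorted(set(parser.attrs) - ALLOWED_ATTRS)
    return bad_tags, bad_attrs
```

A check like `injected_markup` can sit in a test suite so that any template change that stops encoding comment text fails the build.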

@matthewwardrop
Collaborator

Thanks Ekzorcist. I'll make sure this gets fixed before the next release :).

@matthewwardrop matthewwardrop self-assigned this Jul 8, 2018
@matthewwardrop matthewwardrop added this to the Next milestone Jul 8, 2018
@fahrishb

XSS is also present on 0.7.6

@therealsphinx

Is this one fixed @fahrishb?

@naoyak
Collaborator

naoyak commented May 28, 2020

Also raised in #254. We should prioritize fixing this.
