Stored XSS while creating a new user #205
Comments
a0xnirudh
changed the title
|
All other common user input fields look properly sanitized. I think the name field is not passed through htmlspecialchars(). Can someone confirm this ? |
|
Looking into this! |
timbuckingham
added a commit
that referenced
this issue
Jun 26, 2015
…revent XSS injection by admins. #205
|
Thanks for the bug report -- it looks like names and company names weren't being properly htmlspecialchar'd before inserting them into the database. That should be fixed in the referenced commit above! |
|
For reference CVE request for this vulnerability was done in oss-security mailing list http://www.openwall.com/lists/oss-security/2015/06/26/5 but never assigned as far as I know. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello everyone,
While creating a new user, give a valid email, provide the name as name"><svg onload="alert(2)"; and save the user with a valid password. When we go to view users again, it will trigger the XSS.
The payload gets directly saved into the database and is executed when we go to the view users page. This happens because the name field is not properly sanitized before saving the data into the database.
The text was updated successfully, but these errors were encountered: