Stored XSS while creating a new user #205
Comments
All other common user input fields look properly sanitized. I think the name field is not passed through htmlspecialchars(). Can someone confirm this?
Looking into this!
…revent XSS injection by admins. #205
Thanks for the bug report -- it looks like names and company names weren't being properly htmlspecialchar'd before inserting them into the database. That should be fixed in the referenced commit above!
For reference, a CVE request for this vulnerability was made on the oss-security mailing list http://www.openwall.com/lists/oss-security/2015/06/26/5 but was never assigned as far as I know.
Hello everyone,
While creating a new user, give a valid email, provide the name as name"><svg onload="alert(2)"; and save the user with a valid password. When we go to view users again, it will trigger the XSS.
The payload gets directly saved into the database and is executed when we go to the view users page. This happens because the name field is not properly sanitized before saving the data into the database.
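The report above, shown as an added example that is not the project's own code: the reported name value rendered into a view with and without encoding at output time, which also covers rows saved before the fix. The markup, the helper `e()` and the two render functions are hypothetical; the project's actual view template is not shown on this page.

```php
<?php
// Constructed sample rows: one saved before the fix (raw name from the report),
// one saved after it (already passed through htmlspecialchars() on insert).
$rows = [
    'legacy raw row'      => 'name"><svg onload="alert(2)";',
    'post-fix stored row' => 'name&quot;&gt;&lt;svg onload=&quot;alert(2)&quot;;',
];

// Hypothetical helper: encode a value for HTML text or a quoted attribute.
function e(string $value): string
{
    // ENT_QUOTES encodes both " and ' so the value cannot close the attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    // double_encode = false leaves entities written by the insert-time fix intact,
    // so post-fix rows are not shown as "&amp;quot;". The trade-off is that a name
    // that legitimately contains text like "&amp;" is displayed as "&".
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
}

// Behaviour described in the report: the stored name reaches the page unencoded,
// so the "> sequence ends the attribute and the tag, and the rest is parsed as markup.
function renderNameUnsafe(string $name): string
{
    return '<input type="text" name="name" value="' . $name . '">';
}

// Hardened form: the same markup with the value encoded where it is written out.
function renderNameSafe(string $name): string
{
    return '<input type="text" name="name" value="' . e($name) . '">';
}

foreach ($rows as $label => $name) {
    echo "== {$label} ==", PHP_EOL;
    echo 'unsafe: ', renderNameUnsafe($name), PHP_EOL;
    echo 'safe:   ', renderNameSafe($name), PHP_EOL;
}
```

Run from the command line, both rows produce the same inert attribute value in the `safe` lines, while the `unsafe` line for the legacy row contains a live `<svg>` element.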