Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permanent XSS attack through Report's Name field #140

Closed
bernatgs opened this issue Dec 21, 2018 · 5 comments
Closed

Permanent XSS attack through Report's Name field #140

bernatgs opened this issue Dec 21, 2018 · 5 comments
Assignees
@jreznot @glebfox @natfirst
Labels
client: web severity: major The defect affects major functionality. It has a workaround but is difficult. state: fixed Fixed by the developer type: security ver: 6.8.15 Fixed in version ver: 6.9.8 Fixed in version ver: 6.10.7 Fixed in version
Milestone
Release 6.8

Comments

@bernatgs
Copy link

Environment

  • Platform version: 6.9.10
  • Client type: Web
  • Browser: tested in Firefox and Chrome

Description of the bug or enhancement

  • Login and navigate to Reports > Reports
  • Click Create > New
  • In the name field, type <img src=x onerror="alert('persistent XSS attack')";>
  • Click Save and close
  • Edit the newly created report by double-click or click & Edit
  • Hover mouse over the tab with the text Edit report "<img src=x o...

imagen

  • Expected behavior: nothing happens
  • Actual behavior: javascript code is executed

imagen
@bernatgs bernatgs changed the title Permanent XSS attack through Permanent XSS attack through Report's Name field Dec 21, 2018
@jreznot jreznot added this to the Release 6.10 milestone Dec 22, 2018
@jreznot jreznot added the severity: major The defect affects major functionality. It has a workaround but is difficult. label Dec 22, 2018
@jreznot jreznot modified the milestones: Release 6.10, Release 6.9 Dec 22, 2018
@bernatgs
Copy link
Author

bernatgs commented Jan 3, 2019

This vulnerability was discovered by @juanrafaelvillen, please contact him for any question or comment.

@jreznot
Copy link
Contributor

jreznot commented Jan 3, 2019

Hi, we are working on this. Thank you for reporting the security problem.

@jreznot jreznot self-assigned this Jan 3, 2019
@glebfox glebfox mentioned this issue Jan 9, 2019
Closed
@glebfox
Copy link
Member

glebfox commented Jan 9, 2019

Fixed in cuba-platform/cuba#1741

@jreznot jreznot modified the milestones: Release 6.9, Release 6.8 Jan 9, 2019
@glebfox glebfox added ver: 6.9.8 Fixed in version ver: 6.8.15 Fixed in version ver: 6.10.7 Fixed in version labels Jan 9, 2019
@natfirst natfirst added the state: fixed Fixed by the developer label Jan 10, 2019
@evgenypopov2
Copy link

Tell me please how can I block the vulnerability in 6.3.4 CUBA platform version? Unfortunately upgrade to 6.8-6.10 is not possible.

@jreznot
Copy link
Contributor

jreznot commented Mar 4, 2019

Please use forum for discussions and questions. Answered here: https://www.cuba-platform.com/discuss/t/mitigate-xss-vulnerability-in-reports-version-6-3-4/8378

@jreznot jreznot mentioned this issue Apr 2, 2019
Closed
@bernatgs bernatgs mentioned this issue Oct 29, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jreznot jreznot

@glebfox glebfox

@natfirst natfirst

Labels
client: web severity: major The defect affects major functionality. It has a workaround but is difficult. state: fixed Fixed by the developer type: security ver: 6.8.15 Fixed in version ver: 6.9.8 Fixed in version ver: 6.10.7 Fixed in version
Projects
None yet
Milestone
Release 6.8
Development

No branches or pull requests
5 participants
@jreznot @bernatgs @glebfox @natfirst @evgenypopov2