xss in dotcmsV5.0.1 #15274
Comments
PR: #15278

Tried to access several URLs under /htm/*. Everything else will enforce user authentication. Also tried opening an invalid URL under /html/* and then logging myself out. Once the session is closed, the URL automatically becomes restricted again.

As a side note, these URLs are case sensitive. So for example: note that the first URL says Html while the second one says html. https://demo4.dotcms.com/Html/portlet/ext/contentlet/image_tools/index.jsp

This case will affect, we need to be case insensitive in that case and redirect to the correct page.

@fabrizzio-dotCMS nice catch!

PR: #15321

Fixed, tested on master and works fine.

Please note this issue also affects the 3.x and 4.x versions. Looking at the commits, it looks like the chosen solution is to mandate authentication for these URLs. Wouldn't that leave logged-in users still vulnerable?

This is still an issue for logged-in users.

Current Behavior
dotCMS V5.0.1 has an XSS in /html/portlet/ext/contentlet/image_tools/index.jsp, parameters "fieldName" and "inode".
Steps to Reproduce (for bugs)
Just visit the URL:

http://website/html/portlet/ext/contentlet/image_tools/index.jsp?fieldName=1%22%20%6f%6e%65%72%72%6f%72%3d%61%6c%65%72%74%28%27%31%27%29%20%3e&inode=

How to fix: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
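
The question raised in the comments, whether requiring authentication still leaves logged-in users exposed, comes down to where the parameter is written into the page. The following is an added example, not dotCMS code: the `<img>` template line, the class name and the helper names are hypothetical, since the issue does not show the source of index.jsp. It decodes the `fieldName` value from the report's URL and renders it with and without HTML attribute encoding.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

public class AttributeEncodingDemo {

    // Minimal HTML attribute encoder, written out for illustration. In a real JSP
    // use a vetted library, e.g. OWASP Java Encoder's Encode.forHtmlAttribute().
    static String forHtmlAttribute(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); ) {
            int cp = value.codePointAt(i);
            i += Character.charCount(cp);
            if (Character.isISOControl(cp)) cp = ' ';   // control chars become a space
            boolean alnum = (cp >= 'a' && cp <= 'z') || (cp >= 'A' && cp <= 'Z')
                    || (cp >= '0' && cp <= '9');
            if (alnum) out.appendCodePoint(cp);
            else out.append("&#x").append(Integer.toHexString(cp)).append(';');
        }
        return out.toString();
    }

    // Hypothetical template line (assumption): value placed in a quoted attribute.
    static String render(String attributeValue) {
        return "<img id=\"" + attributeValue + "\" src=\"placeholder.png\">";
    }

    // The template itself contributes exactly four double quotes; any other count
    // means the parameter closed the attribute and added markup of its own.
    static boolean breaksOut(String html) {
        return html.chars().filter(c -> c == '"').count() != 4;
    }

    public static void main(String[] args) {
        // fieldName value copied from the URL in the report, still URL-encoded.
        String reported = "1%22%20%6f%6e%65%72%72%6f%72%3d%61%6c%65%72%74%28%27%31%27%29%20%3e";
        String fieldName = URLDecoder.decode(reported, StandardCharsets.UTF_8);

        String unsafe = render(fieldName);                    // raw concatenation
        String encoded = render(forHtmlAttribute(fieldName)); // encoded at output

        System.out.println("unsafe : " + unsafe + "  breaksOut=" + breaksOut(unsafe));
        System.out.println("encoded: " + encoded + "  breaksOut=" + breaksOut(encoded));
    }
}
```

Because the encoding happens where the value is written into the response, it behaves the same for anonymous and logged-in requests.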