New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

External search does not properly escape user supplied data, resulting in vulnerability (Origin: bugzilla #762934) #5961

doxygen opened this Issue Jul 2, 2018 · 0 comments


None yet
1 participant

doxygen commented Jul 2, 2018

status RESOLVED severity normal in component general for ---
Reported in version 1.8.10 on platform Other
Assigned to: Dimitri van Heesch

On 2016-03-01 17:31:48 +0000, wrote:

We used server-side searching (both SEARCHENGINE and SERVER_BASED_SEARCH are YES in the config file and EXTERNAL_SEARCH is NO), and had our cyber security guys check for vulnerabilities in the generated HTML.

The assessment showed "an injection vulnerability allowing me to exploit reflected XSS (a vulnerability that an attacker could use to launch attacks against the website, or other users), and iframe injection (a vulnerability that allows an attacker to import a website of their choice and/or under their control)."

The problem appears to be in search_opensearch.php, where the user-supplied data is not properly escaped.

On 2016-03-25 18:57:49 +0000, Dimitri van Heesch wrote:

Confirmed. Should be fixed in the next GIT update.

On 2016-09-05 13:45:13 +0000, Dimitri van Heesch wrote:

This bug was previously marked ASSIGNED, which means it should be fixed in
doxygen version 1.8.12. Please verify if this is indeed the case. Reopen the
bug if you think it is not fixed and please include any additional information
that you think can be relevant (preferably in the form of a self-contained example).

@doxygen doxygen closed this Jul 2, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment