
Cross-site scripting vulnerability #444

Closed
fgeek opened this issue Dec 30, 2015 · 14 comments

@fgeek commented Dec 30, 2015

Hello,

A cross-site scripting vulnerability has been announced on the Full Disclosure mailing list.

According to this Curesec advisory timeline they were unable to contact you:

11/17/2015 Informed Vendor about Issue (no reply)
12/10/2015 Reminded Vendor of Disclosure Date (no reply)
12/21/2015 Disclosed to public

The issue can be reproduced with the following URL:

http://localhost/esoTalk-1.0.0g4/conversations/a'";><img src=no onerror=alert(1)>?search=test

Do you have plans to fix this security vulnerability? If you do not plan to fix vulnerabilities in esoTalk, please mention it in the README or similar, thank you. As far as I can tell this issue does not yet have a CVE identifier assigned. Have you requested one?
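As an added illustration of the bug class the reproduction URL above exercises (a path segment echoed into an HTML attribute without escaping), the following Python snippet is example code written for this page; it is not esoTalk's view code and not taken from the Curesec advisory. The template markup, the function names and the form are assumptions for illustration; only the payload string comes from the issue. A tolerant HTML parser is used to show what a browser would see in each case: the unescaped rendering yields an extra `img` element with an `onerror` handler, the escaped one does not.

```python
import html
from html.parser import HTMLParser

# Constructed input: the decoded path segment from the reproduction URL in the issue.
PAYLOAD = "a'\";><img src=no onerror=alert(1)>"


def render_search_vulnerable(slug: str, query: str) -> str:
    """Hypothetical template that echoes the path segment into an attribute unescaped.

    Stands in for the bug class only; this is not esoTalk's actual template.
    """
    return (f'<form action="/conversations/{slug}" method="get">'
            f'<input name="search" value="{query}"></form>')


def render_search_hardened(slug: str, query: str) -> str:
    """Same hypothetical template with attribute-context HTML escaping.

    html.escape(..., quote=True) encodes &, <, > and both quote characters,
    so the value cannot terminate the attribute or open a new tag.
    """
    return (f'<form action="/conversations/{html.escape(slug, quote=True)}" method="get">'
            f'<input name="search" value="{html.escape(query, quote=True)}"></form>')


class TagCollector(HTMLParser):
    """Records start tags and any on* event-handler attributes a browser would see."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.handlers: list[tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, _value in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name))


def parse_tags(markup: str):
    """Return (start tag names, (tag, handler-attribute) pairs) for the given markup."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.handlers


if __name__ == "__main__":
    for label, render in (("vulnerable", render_search_vulnerable),
                          ("hardened", render_search_hardened)):
        tags, handlers = parse_tags(render(PAYLOAD, "test"))
        print(f"{label}: tags={tags} handlers={handlers}")
```

The payload's leading `'";>` is there to close the attribute value and the enclosing tag regardless of which quoting the template used, which is why a single escaping function for the attribute context, rather than stripping one quote character, is the right fix.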

@tobscure tobscure closed this in b938c39 Jan 1, 2016

@tobscure (Member) commented Jan 1, 2016

Thanks for reporting this. I never got an email... my @esotalk.org address might be broken, I'll look into it.

@fgeek (Author) commented Jan 3, 2016

@inliquid (Contributor) commented Jan 5, 2016

What should I do to reproduce this?
Tried on my 1.0.0g4 - doesn't work
http://localhost/esoTalk-1.0.0g4/conversations/a'";><img src=no onerror=alert(1)>?search=test

@inliquid (Contributor) commented Jan 5, 2016

Sorry guys but I can't understand and reproduce the case you were fixing. Anyways - I have applied these changes.

However, I found another XSS bug (with the above commit in place).


@fgeek (Author) commented Jan 5, 2016

Good that you found more issues. @tobscure can you fix that one too?

I was also planning to perform security testing of the esoTalk codebase when I have spare time in the near future.

@7php commented Jan 5, 2016

@fgeek thanks for all your good intentions
@tobscure thank you for still looking into this..

A quick question, btw, for @tobscure:

  • Did you use the nested set model or the adjacency list model for the hierarchical data in esoTalk?
    (Sorry, I tried emailing you as well, but in vain.)

@inliquid (Contributor) commented Jan 5, 2016

This should help develop...inliquid:patch-1

@tobscure tobscure referenced this issue Jan 5, 2016

Merged

XSS fix #445

@tobscure (Member) commented Jan 5, 2016

Thanks @inliquid

@tobscure (Member) commented Jan 5, 2016

@7php nested set model

@7php commented Jan 5, 2016

Awesome, thanks @tobscure!

@fgeek (Author) commented Jan 6, 2016

Tried on my 1.0.0g4 - doesn't work

@inliquid I was able to reproduce this cross-site scripting vulnerability without problems e.g. when using logged in administrator account.

@inliquid (Contributor) commented Jan 6, 2016

@fgeek maybe it wasn't working because of some of my plugins.

@fgeek (Author) commented Jan 8, 2016

@tobscure I have sent an email to the Gmail address in your GitHub profile. Did you receive it?

@fgeek (Author) commented Apr 29, 2019

MITRE assigned CVE-2015-9285 for this issue.
