Reflected XSS in search query #2339

Closed
dayn1ne opened this issue Jul 16, 2019 · 4 comments

@dayn1ne
commented Jul 16, 2019

Description
The current version of Firefly III, version 4.7.17.2, is vulnerable to reflected XSS due to a lack of filtration of user-supplied data in the search query. A malicious attacker can create a specially crafted request which contains JavaScript code. The malicious JavaScript code will be executed when a user opens this link.

This can be easily reproduced in Mozilla Firefox, and if you want to reproduce it in Chrome you should first turn off the XSS auditor in it.

Request
http://insert your host here/search?q=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E

PoC image
Screenshot 2019-07-16 at 12 24 51

@JC5

Member

commented Jul 16, 2019

Thanks, I'll pick it up tonight.

@JC5

Member

commented Jul 16, 2019

Fixed by escaping the query.

@JC5 JC5 closed this in f795cb0 Jul 16, 2019

@JC5 JC5 added bug fixed labels Jul 16, 2019

@JC5 JC5 reopened this Jul 16, 2019

@dayn1ne

Author

commented Jul 17, 2019

Confirmed, the bug is not reproducible anymore.

@JC5 JC5 closed this Aug 3, 2019
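
The fix reported in this thread is output escaping of the search query. The PHP below is an added illustration, not Firefly III's code and not the contents of commit f795cb0: it renders a search page with and without escaping and checks whether the query from the report comes back unchanged. The function names, the markup, the host `firefly.example` and the second search term are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added illustration, not Firefly III code: names and markup are hypothetical.

// Escape a value for HTML text and quoted-attribute contexts.
function e_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": the search term is concatenated into the page as-is.
function render_search_unsafe(string $q): string
{
    return '<h1>Search results for "' . $q . '"</h1>'
         . '<input type="text" name="q" value="' . $q . '">';
}

// "After": the same markup with the term escaped at output time.
function render_search_escaped(string $q): string
{
    $safe = e_html($q);
    return '<h1>Search results for "' . $safe . '"</h1>'
         . '<input type="text" name="q" value="' . $safe . '">';
}

// Regression check: a term containing HTML metacharacters must not
// appear byte-for-byte in the response.
function reflects_raw(string $html, string $q): bool
{
    return preg_match('/[<>"\'&]/', $q) === 1 && strpos($html, $q) !== false;
}

// Query string from the report; the host is a constructed placeholder.
$url = 'http://firefly.example/search?q=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E';
parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
$q = (string) ($params['q'] ?? '');

// Second term is a constructed, legitimate search that contains metacharacters.
foreach ([$q, 'rent & "food"'] as $term) {
    printf(
        "%-42s unsafe=%s escaped=%s\n",
        $term,
        reflects_raw(render_search_unsafe($term), $term) ? 'REFLECTED' : 'ok',
        reflects_raw(render_search_escaped($term), $term) ? 'REFLECTED' : 'ok'
    );
}
```

Run against a real deployment, the same check is applied to the response body of the search request, so a template change that drops the escaping fails the test rather than waiting for another report.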
