I'm making an executive decision to publicly disclose this known XSS vulnerability, before anyone else comments on that aspect of things.
Originally reported in September 2015 and again sometime in 2016 by CYBER WARR?OR BUG RES. - AaCcTt and Kenan Genç - ZerOne
The search-user parameter used on the /users route is vulnerable to XSS, confirmable via https://issues.joomla.org/users?search-user=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt(1)%3E.
This issue has ONLY been confirmed on the live hosting server. I cannot replicate this in my local environment nor on other hosting platforms I have deployed the tracker to specifically to validate this.
I am making this issue public now because after a year looking at this on and off and having independent reports of the issue, I cannot confirm it in any environment except the live hosting platform and neither myself nor active JSST members have identified a code fix for this. I feel that the security risk of this issue at this time is not of such severity that it is a high risk to disclose unfixed.
This isn't a CMS install. There is no FPA report to be generated. All of the code on the server can be found in this repository or installed via composer install (for the third party dependencies).
I can independently confirm that there is not a higher level vulnerability in the Joomla! Framework. https://issues.joomla.org/xte.php demonstrates this; the script that is executed can be found at https://gist.github.com/mbabker/423302220d26769a169bf56506e7ae5a.