Sorry for being a bit vague.
I have identified some deployments of Kiwix that do not redirect arbitrary paths to the content path and therefore are vulnerable to XSS injection.
A deployment like this would trigger an XSS with e.g. this payload:
https://kiwix.example.domain/%22%3E%3Cimg%20src=X%20onerror=alert(1)%3E
https://library.kiwix.org/%22%3E%3Cimg%20src=X%20onerror=alert(1)%3E
library.kiwix.org redirects correctly to the content path, where the input is correctly sanitized.
https://library.kiwix.org/content/%22%3E%3Cimg%20src=X%20onerror=alert(1)%3E
What would be a solution to redirect the path to content? Is there a missing configuration? Since I have identified several deployments with this kind of issue then the deployment process might need updating to avoid the misconfiguration.
There was a bug (unknown at the time) in a previous version where we were vulnerable to XSS injection.
With the introduction of the js viewer we have "fixed" this issue as we now correctly "sanitize" the input.
The fix is not especially related to the js viewer. Just that we have done things better when coding the /content endpoint.