For transparency reasons, the email I sent to Loomio maintainers on March 2, 2017 is reproduced below. This XSS vulnerability was fixed by this commit: 63973f7
This fix was shipped with Loomio v1.8.0
Hello,
I just found an XSS vulnerability in Loomio.
How to reproduce
A malicious user creates a new thread
In the description, (s)he enters: [my link](javascript:alert('xss'))
The targeted user visits the thread and clicks on the malicious link
The JS payload is executed
How to fix
"href" content should be sanitized
I found this vulnerability because I'm currently and voluntarily
searching for XSS vulnerabilities in the services that we offer or use
at the French non-profit association Framasoft.
I remain available for any additional comments or questions.
Best,
Martin
Thanks to the Loomio developers for the fix.
Edit: Note that it was also possible to exploit this vulnerability by posting a comment inside a thread.
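
The fix requested in the email, sanitizing link targets, sketched as a URL scheme allowlist applied to the destination a Markdown parser extracts from a thread description or comment. This is an added example, not Loomio's code or the referenced commit; the function names, the allowed scheme list and the sample inputs are assumptions.

```javascript
// Added example (not Loomio's code): allowlist check for Markdown link targets.
// ALLOWED_SCHEMES, safeHref and renderLink are hypothetical names.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Returns a cleaned href that is safe to emit, or null if it must be dropped.
// `href` is assumed to be the destination as the Markdown parser decoded it.
function safeHref(href) {
  // URL parsers ignore tab/CR/LF anywhere in a URL and leading control
  // characters or spaces, so remove them before looking at the scheme.
  const cleaned = String(href)
    .replace(/[\t\r\n]/g, '')
    .replace(/^[\u0000-\u0020]+/, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  if (m) {
    // Explicit scheme: allow only known-good ones, case-insensitively.
    return ALLOWED_SCHEMES.has(m[1].toLowerCase()) ? cleaned : null;
  }
  // No well-formed scheme: accept as a relative URL unless a ':' appears
  // before the first '/', '?' or '#', which is ambiguous and rejected.
  return /^[^/?#]*:/.test(cleaned) ? null : cleaned;
}

// Renders one link; an unsafe target degrades to plain escaped text.
function renderLink(text, href) {
  const target = safeHref(href);
  if (target === null) return escapeHtml(text);
  return `<a href="${escapeHtml(target)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}

// Constructed sample inputs: the link from the report plus ordinary links.
const samples = [
  ['my link', "javascript:alert('xss')"],
  ['docs', 'https://example.org/?a=1&b=2'],
  ['thread', '/d/abc'],
];
for (const [text, href] of samples) {
  console.log(JSON.stringify(href), '->', renderLink(text, href));
}
```

The check belongs at render time for both thread descriptions and comments, since both were affected according to the edit note above.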