
[FIXED] Markdown XSS in loomio before 1.8.0 #4220

Closed
Framartin opened this issue Jul 21, 2017 · 1 comment

Framartin commented Jul 21, 2017

For transparency reasons, the email I sent to the Loomio maintainers on March 2, 2017 is reproduced below. This XSS vulnerability was fixed by this commit: 63973f7
This fix was shipped with Loomio v1.8.0.

Hello,

I just found an XSS vulnerability in Loomio.

How to reproduce

  • A malicious user creates a new thread
  • In the description, (s)he enters: [my link](javascript:alert('xss'))
  • The targeted user visits the thread and clicks on the malicious link
  • The JS payload is executed

How to fix

The "href" content should be sanitized.

I found this vulnerability because I'm currently and voluntarily searching for XSS vulnerabilities in the services that we offer or use at the French non-profit association Framasoft.

I remain available for any additional comments or questions.

Best,
Martin

Thanks to the Loomio developers for the fix.

Edit: Note that it was also possible to exploit this vulnerability by posting a comment inside a thread.
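The "href" sanitization the report asks for, as an added example that is neither Loomio's code nor the fix commit: a scheme allow-list applied to every Markdown link target, with a toy renderer that degrades a rejected link to plain text. It assumes Node.js (the WHATWG URL class) and only handles the [text](target) form; the base URL is a placeholder used to resolve relative targets.

```javascript
// Added example, not Loomio's code: an allow-list check for Markdown link
// targets, plus a toy renderer showing a rejected target degrading to text.
// Assumes Node.js (WHATWG URL). Production code should use a vetted sanitizer.

const SAFE_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const BASE = "https://example.invalid/"; // placeholder base for relative links

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Returns the target unchanged if its scheme is allow-listed, otherwise null.
function safeHref(target) {
  // Browsers skip ASCII control characters and whitespace when reading a
  // scheme, so strip them before checking instead of matching the raw text.
  const cleaned = target.replace(/[\u0000-\u0020\u007f]/g, "");
  let parsed;
  try {
    parsed = new URL(cleaned, BASE); // relative targets inherit BASE's https:
  } catch {
    return null; // unparseable target: drop the link
  }
  // URL lowercases the scheme, so mixed-case variants are covered here too.
  return SAFE_SCHEMES.has(parsed.protocol) ? cleaned : null;
}

// Matches [text](target); the destination may contain one level of balanced
// parentheses, as in alert('xss'), the way CommonMark destinations do.
const LINK_RE = /\[([^\]]*)\]\(((?:[^()]|\([^()]*\))*)\)/g;

function renderLinks(markdown) {
  let out = "";
  let last = 0;
  for (const m of markdown.matchAll(LINK_RE)) {
    out += escapeHtml(markdown.slice(last, m.index));
    const href = safeHref(m[2]);
    // Rejected target: keep the link text as plain text and emit no <a> at all.
    out += href === null
      ? escapeHtml(m[1])
      : `<a href="${escapeHtml(href)}">${escapeHtml(m[1])}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(markdown.slice(last));
}
```

Relative links and protocol-relative links pass because they resolve to the base's https: scheme; anything not in the allow-list, including data: and vbscript:, is dropped rather than emitted.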

@Framartin (Author)

CVE-2017-11594 is attributed to this issue.
