[FIXED] Markdown XSS in loomio before 1.8.0 #4220

Closed
Framartin opened this issue Jul 21, 2017 · 1 comment


commented Jul 21, 2017

For transparency reasons, the email I sent to Loomio maintainers on March 2, 2017 is reproduced below. This XSS vulnerability was fixed by this commit: 63973f7
This fix was shipped with Loomio v1.8.0.

Hello,

I just found an XSS vulnerability in Loomio.

How to reproduce

  • A malicious user creates a new thread
  • In the description, (s)he enters: [my link](javascript:alert('xss'))
  • The targeted user visits the thread and clicks on the malicious link
  • The JS payload is executed

How to fix

"href" content should be sanitized

I found this vulnerability because I'm currently and voluntarily
searching for XSS vulnerabilities in the services that we offer or use
at the French non-profit association Framasoft.

I remain available for any additional comments or questions.

Best,
Martin

Thanks to the Loomio developers for the fix.

Edit: Note that it was also possible to exploit this vulnerability by posting a comment inside a thread.

@Framartin Framartin closed this Jul 21, 2017
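
The fix suggested in the report above ("href" content should be sanitized), as an added example that is not part of the original issue and is not Loomio's actual patch: a scheme allowlist applied to a Markdown link target before it is rendered. The helper names (`normalize_href`, `safe_href?`, `render_link`) and the allowed scheme list are assumptions made for illustration.

```ruby
require "cgi"

# Assumed policy for this example: only these schemes may appear in a link.
ALLOWED_SCHEMES = %w[http https mailto].freeze

# Mirror what a browser's URL parser does before it reads the scheme:
# remove tab/CR/LF anywhere, then strip leading/trailing C0 controls and spaces.
def normalize_href(raw)
  raw.to_s.scrub("").gsub(/[\t\r\n]/, "").gsub(/\A[\x00-\x20]+|[\x00-\x20]+\z/, "")
end

# True when the target has no scheme (relative URL) or an allowlisted one.
def safe_href?(raw)
  scheme = normalize_href(raw)[/\A([a-zA-Z][a-zA-Z0-9+.\-]*):/, 1]
  scheme.nil? || ALLOWED_SCHEMES.include?(scheme.downcase)
end

# Render [text](href): an escaped anchor when the target passes the check,
# otherwise only the escaped link text with no anchor.
def render_link(text, raw_href)
  label = CGI.escapeHTML(text.to_s)
  return label unless safe_href?(raw_href)
  %(<a href="#{CGI.escapeHTML(normalize_href(raw_href))}" rel="nofollow noopener">#{label}</a>)
end

# Constructed sample inputs; the first is the link target from the report.
if __FILE__ == $PROGRAM_NAME
  ["javascript:alert('xss')", " JaVa\tScript:alert(1)", "data:text/html,x",
   "https://example.org/d/1", "/d/1#comment-2"].each do |href|
    puts "#{href.inspect} -> #{render_link('my link', href)}"
  end
end
```

The check normalises before reading the scheme because a comparison against the raw string misses mixed-case and whitespace-split variants that browsers still resolve to the same scheme.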

@Framartin

commented Jul 24, 2017

CVE-2017-11594 is attributed to this issue.
