Multiple XSS vulnerabilities on search module #676

Closed
nashe opened this Issue Mar 11, 2016 · 2 comments


nashe commented Mar 11, 2016

Aloha,

I stumbled upon at least 3 HTML injection possibilities while making a search in Transvision.

If you open this link, you'll get 3 alerts. It's at least included in the top menu, the search input and the sentence giving the equivalent request if made on the API.

At first, I believed the impact was very low since there is no administration panel or user accounts for this website: the vulnerability would only be used to create phishing pages using your subdomain, or like an open redirect (see OWASP articles for both).

But it appears that the website is hosted on a .mozfr.org subdomain, so this vulnerability can be used to steal cookies from other subdomains, like the wiki or the forums, and ultimately impersonate administrators.

I don't think that strip_tags is useful here, since it would break the search (inability to search strings with tags inside). Maybe you already have a way to handle it, since it's already correctly escaped elsewhere in the page?
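The report points at the usual fix for reflected HTML injection: keep the search term intact for searching, but escape it for each output context where the page reflects it. The following is an added PHP example, not Transvision's own code and not the patch that closed this issue; the function names, the `query` parameter name and the API host placeholder are assumptions.

```php
<?php
// Added example, not Transvision's code. Function names, the parameter name
// "query" and the API endpoint placeholder are assumptions.

/**
 * Escape a value for insertion into HTML element text or a quoted attribute.
 * ENT_QUOTES escapes both ' and " so the result is safe in either kind of
 * attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
 */
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Render the three places the report lists (top menu, search input, and the
 * sentence giving the equivalent API request). The raw term is never
 * concatenated into markup; strip_tags is deliberately not used, so a query
 * such as "<b>" stays searchable and is only escaped on output.
 */
function render_search_page(string $query): string
{
    $safe_text = escape_html($query);

    // URL context first (percent-encoding of the query string value), then
    // HTML context for the href attribute and the visible link text.
    $api_url  = 'https://API-HOST-PLACEHOLDER/api/v1/search/?query=' . rawurlencode($query);
    $safe_url = escape_html($api_url);

    return
        '<nav>Search results for: ' . $safe_text . "</nav>\n" .
        '<input type="text" name="query" value="' . $safe_text . "\">\n" .
        '<p>Equivalent API request: <a href="' . $safe_url . '">' . $safe_url . "</a></p>\n";
}

// Constructed input of the kind the report describes: markup and quotes
// inside the search term.
$term = 'Search "this" <script>alert(1)</script>';
echo render_search_page($term);
```

With this input, `<` and `>` are emitted as `&lt;` and `&gt;` and the double quotes as `&quot;`, so the term is displayed literally in all three places instead of being parsed as markup, while the value handed to the search backend is still the original string.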

Member

pascalchevrel commented Mar 11, 2016

Good catch, I am going to look into it this afternoon, thanks!

@pascalchevrel pascalchevrel self-assigned this Mar 11, 2016

pascalchevrel added a commit to pascalchevrel/transvision that referenced this issue Mar 11, 2016

pascalchevrel added a commit that referenced this issue Mar 11, 2016

Member

pascalchevrel commented Mar 11, 2016

All the reported XSS are fixed on master

Thanks nashe! If you find more stuff, I'll be happy to fix :)
