Multiple XSS vulnerabilities on search module

[nashe]

Aloha,

I stumbled upon at least 3 HTML injection possibilities while making a search in Transvision.

If you open this link, you'll get 3 alerts. It's at least included in the top menu, the search input and the sentence giving the equivalent request if made on the API.

On a first time, I was believing that the impact is very low since there is no administration panel or user accounts for this website: the vulnerability would be only used to create phishing pages using your subdomain ou like an open redirect - see OWASP articles for both).

But it appears that the website is hosted on a .mozfr.org subdomain, so this vulnerability can be used to steal cookies from other subdomains, like the wiki of the forums, and in fine, impersonate administrators.

I don't think that strip_tags is useful here, since it would break the search (inability to search strings with tags inside). Maybe do you already have a way to handle it, since it's already correctly escaped somewhere else in the page?

[pascalchevrel]

Good catch, I am going to look into it this afternoon, thanks!

[pascalchevrel]

Good catch, I am going to look into it this afternoon, thanks!

[pascalchevrel]

All the reported XSS are fixed on master

Thanks nashe! If you find more stuff, I'll be happy to fix :)

[pascalchevrel]

All the reported XSS are fixed on master

Thanks nashe! If you find more stuff, I'll be happy to fix :)