Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upMultiple XSS vulnerabilities on search module #676
Closed
Assignees
Comments
|
Good catch, I am going to look into it this afternoon, thanks! |
pascalchevrel
added a commit
to pascalchevrel/transvision
that referenced
this issue
Mar 11, 2016
|
All the reported XSS are fixed on master Thanks nashe! If you find more stuff, I'll be happy to fix :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Aloha,
I stumbled upon at least 3 HTML injection possibilities while making a search in Transvision.
If you open this link, you'll get 3 alerts. It's at least included in the top menu, the search input and the sentence giving the equivalent request if made on the API.
On a first time, I was believing that the impact is very low since there is no administration panel or user accounts for this website: the vulnerability would be only used to create phishing pages using your subdomain ou like an open redirect - see OWASP articles for both).
But it appears that the website is hosted on a .mozfr.org subdomain, so this vulnerability can be used to steal cookies from other subdomains, like the wiki of the forums, and in fine, impersonate administrators.
I don't think that
strip_tagsis useful here, since it would break the search (inability to search strings with tags inside). Maybe do you already have a way to handle it, since it's already correctly escaped somewhere else in the page?