
Multiple XSS vulnerabilities on search module #676

Closed
ghost opened this issue Mar 11, 2016 · 2 comments

ghost commented Mar 11, 2016

Aloha,

I stumbled upon at least 3 HTML injection possibilities while making a search in Transvision.

If you open this link, you'll get 3 alerts. It's at least included in the top menu, the search input and the sentence giving the equivalent request if made on the API.

At first, I believed the impact was very low since there is no administration panel or user accounts for this website: the vulnerability would only be used to create phishing pages using your subdomain or as an open redirect (see OWASP articles for both).

But it appears that the website is hosted on a .mozfr.org subdomain, so this vulnerability can be used to steal cookies from other subdomains, like the wiki or the forums, and in the end, impersonate administrators.

I don't think that strip_tags is useful here, since it would break the search (inability to search strings with tags inside). Maybe you already have a way to handle it, since it's already correctly escaped somewhere else in the page?
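The three reflection points the report lists (top menu link, search input value, and the "equivalent API request" sentence), rendered with context-aware escaping instead of strip_tags, as an added example that is not Transvision's own code. The function names, the `q` parameter and the `/api/search` path are assumptions for illustration only.

```php
<?php
// Added example, not Transvision code. Parameter name "q" and the API path
// are assumed placeholders; the point is that each sink gets the escaping
// its context requires, so a term such as "<b>" stays searchable but can no
// longer inject markup.

// HTML text and attribute context: encode the five significant characters.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL query context: percent-encode first, then HTML-escape the result
// because the URL is itself placed inside an href attribute.
function escapeQuery(string $value): string
{
    return escapeHtml(rawurlencode($value));
}

// Vulnerable rendering: the raw term is concatenated into all three sinks.
function renderVulnerable(string $term): string
{
    return '<a href="/search?q=' . $term . '">' . $term . '</a>'
         . '<input type="text" name="q" value="' . $term . '">'
         . '<p>Same request on the API: /api/search?q=' . $term . '</p>';
}

// Hardened rendering: identical markup, each sink escaped for its context.
function renderEscaped(string $term): string
{
    return '<a href="/search?q=' . escapeQuery($term) . '">' . escapeHtml($term) . '</a>'
         . '<input type="text" name="q" value="' . escapeHtml($term) . '">'
         . '<p>Same request on the API: /api/search?q=' . escapeQuery($term) . '</p>';
}

// Constructed sample term: breaks out of the value attribute when unescaped.
$term = '"><script>alert(1)</script>';

echo renderVulnerable($term), PHP_EOL; // attribute closed, script tag injected
echo renderEscaped($term), PHP_EOL;    // term shown literally in every sink

// Why strip_tags() is the wrong tool: it alters the string being searched,
// whereas escaping round-trips it unchanged once the browser decodes it.
var_dump(strip_tags($term) === $term);
var_dump(html_entity_decode(escapeHtml($term), ENT_QUOTES, 'UTF-8') === $term);
```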

@pascalchevrel
Member

Good catch, I am going to look into it this afternoon, thanks!

@pascalchevrel pascalchevrel self-assigned this Mar 11, 2016
pascalchevrel added a commit to pascalchevrel/transvision that referenced this issue Mar 11, 2016
pascalchevrel added a commit that referenced this issue Mar 11, 2016
@pascalchevrel
Member

All the reported XSS are fixed on master

Thanks nashe! If you find more stuff, I'll be happy to fix :)
