You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I stumbled upon at least 3 HTML injection possibilities while making a search in Transvision.
If you open this link, you'll get 3 alerts. It's at least included in the top menu, the search input and the sentence giving the equivalent request if made on the API.
On a first time, I was believing that the impact is very low since there is no administration panel or user accounts for this website: the vulnerability would be only used to create phishing pages using your subdomain ou like an open redirect - see OWASP articles for both).
But it appears that the website is hosted on a .mozfr.org subdomain, so this vulnerability can be used to steal cookies from other subdomains, like the wiki of the forums, and in fine, impersonate administrators.
I don't think that strip_tags is useful here, since it would break the search (inability to search strings with tags inside). Maybe do you already have a way to handle it, since it's already correctly escaped somewhere else in the page?
The text was updated successfully, but these errors were encountered:
Aloha,
I stumbled upon at least 3 HTML injection possibilities while making a search in Transvision.
If you open this link, you'll get 3 alerts. It's at least included in the top menu, the search input and the sentence giving the equivalent request if made on the API.
On a first time, I was believing that the impact is very low since there is no administration panel or user accounts for this website: the vulnerability would be only used to create phishing pages using your subdomain ou like an open redirect - see OWASP articles for both).
But it appears that the website is hosted on a .mozfr.org subdomain, so this vulnerability can be used to steal cookies from other subdomains, like the wiki of the forums, and in fine, impersonate administrators.
I don't think that
strip_tags
is useful here, since it would break the search (inability to search strings with tags inside). Maybe do you already have a way to handle it, since it's already correctly escaped somewhere else in the page?The text was updated successfully, but these errors were encountered: