User inputs need to be sanitized #4265

Closed
1 of 5 tasks
khalidadil opened this issue Sep 28, 2021 · 1 comment
Comments

@khalidadil (Contributor) commented Sep 28, 2021

Summary

The "Condition Widget" object is vulnerable to stored DOM-based XSS (in v1.1.1 to v1.7.5) that allows the injection of malicious JavaScript into the 'URL' field.

Files impacted:
https://github.com/nasa/openmct/blob/master/src/plugins/conditionWidget/plugin.js#L50
https://github.com/nasa/openmct/blob/master/src/plugins/conditionWidget/components/ConditionWidget.vue#L26


The "Summary Widget" object is vulnerable to stored DOM-based XSS (in v0.13.1 to v1.7.5) that allows the injection of malicious JavaScript into the 'URL' field.

Files impacted:
https://github.com/nasa/openmct/blob/master/src/plugins/summaryWidget/src/SummaryWidget.js#L116


The "Web Page" object is vulnerable to stored DOM-based XSS (in v1.1.1 to v1.7.5) that allows the injection of malicious JavaScript into the 'URL' field.

Files impacted:
https://github.com/nasa/openmct/blob/master/src/plugins/webPage/plugin.js#L37
https://github.com/nasa/openmct/blob/master/src/plugins/webPage/components/WebPage.vue#L3

Impact Check List

  • Data loss or misrepresented data?
  • Regression? Did this used to work or has it always been broken?
  • Is there a workaround available?
  • Does this impact a critical component?
  • Is this just a visual bug?

Steps to Reproduce

Condition Widget Object Vulnerability

  • Press the upper left "CREATE" button in order to use the "Condition Widget" object. Once added, enter javascript:alert("XSS") in the URL field and press "OK".
  • Navigate to the new Condition object.
  • An alert will be presented.

Summary Widget Object Vulnerability

  • Press the upper left "CREATE" button in order to use the "Summary Widget" object. Once added, enter javascript:alert("XSS") in the URL field and press "OK".
  • Navigate to the new Summary object and press the green "Unnamed Rule" button.
  • An alert message will be presented.

Web Page Object Vulnerability

  • Press the upper left "CREATE" button in order to use the "Web Page" object. Once added, enter javascript:alert("XSS") in the URL field and press "OK".
  • Navigate to the new Web Page object.
  • An alert message will be presented.
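The three reports above share one root cause: a user-supplied URL string reaches a link or frame target without its scheme being checked, so a stored `javascript:` URL executes when the object is later rendered. The block below is an added example written by the editor, not code from the openmct project or from the reporter, and it does not represent the project's actual fix. It contrasts a string-prefix blocklist (the kind of check that is easy to bypass) with a scheme allowlist built on the WHATWG URL parser, and it exercises both against constructed inputs modelled on the reported payload. The names `isSafeUrl`, `naiveIsSafe`, `safeHref`, `normalizedProtocol` and `ALLOWED_PROTOCOLS`, and the sample URLs, are all assumptions made for illustration.

```javascript
// Added example (editor's code, not openmct's): allowlist-based validation
// of a user-supplied URL before it is used as an href or iframe src.
// All names and sample inputs below are assumed for illustration.

// Only schemes that cannot execute script in the embedding page.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// A naive blocklist of the kind that is easy to bypass: it only rejects
// strings that literally start with "javascript:".
function naiveIsSafe(raw) {
  return !raw.toLowerCase().startsWith('javascript:');
}

// Parse with the WHATWG URL parser and return the normalised scheme, or null
// if the string is not an absolute, parseable URL. The parser lower-cases the
// scheme and strips leading/trailing whitespace and embedded tab/newline
// characters, so obfuscated variants normalise back to "javascript:".
function normalizedProtocol(raw) {
  if (typeof raw !== 'string') return null;
  try {
    return new URL(raw).protocol;
  } catch {
    return null; // relative or unparseable: reject rather than guess
  }
}

// Hardened check: decide on the normalised scheme, against an allowlist.
function isSafeUrl(raw) {
  const protocol = normalizedProtocol(raw);
  return protocol !== null && ALLOWED_PROTOCOLS.has(protocol);
}

// Apply at render time as well as at save time: data stored before the check
// was introduced is still untrusted. Unsafe values degrade to about:blank.
function safeHref(raw) {
  return isSafeUrl(raw) ? new URL(raw).href : 'about:blank';
}

// Constructed sample inputs (not taken from any real deployment).
const SAMPLES = [
  'https://example.com/telemetry',
  'javascript:alert("XSS")',
  'JaVaScRiPt:alert(1)',
  '  javascript:alert(1)',
  'java\tscript:alert(1)',
  'data:text/html,<script>alert(1)</script>',
  'vbscript:MsgBox(1)',
  '//example.com/protocol-relative',
];

// Compare the two checks side by side over the samples.
function classify(list = SAMPLES) {
  return list.map((url) => ({
    url,
    naive: naiveIsSafe(url),
    hardened: isSafeUrl(url),
    rendered: safeHref(url),
  }));
}

console.table(classify());
```

Run it with `node url-allowlist.js` (any file name works). The table shows the naive check passing the whitespace-prefixed and tab-split variants while the allowlist rejects everything except the plain `https:` URL; protocol-relative and `data:` inputs are rejected too, since neither normalises to an allowed scheme.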
@jvigliotta (Contributor) commented:

Verified Fixed - Testathon 10/8
