Cross-site scripting vulnerability: MANAGE SUBSCRIPTIONS #431
Comments
Hello @brabbins, thank you for your report. StCR has validation on both JS and PHP, so I am not aware of this new report. Can you add a detailed explanation of how you found the vulnerability? Regards!
If you would like, I could email you directly.
Yes please, reedyseth {at) gmail 'dot' com
Did this ever get sorted out?
A few minutes of testing indicates no, this has not been fixed.
Unfortunately I have not heard back from the developer for quite some time.
I have a patch for this, I'll get a merge request sent soon. I wanted to do just a bit more hunting for similar XSS instances first.
Jesse Norell
(Replying by email to brabbins's comment of Fri, 28 Sep 2018 8:31 AM: "Unfortunately I have not heard back from the developer for quite some time.")
Hi guys, sorry that I have not been paying attention to this important matter. I have a development version of the plugin that is very different from the master branch; I will give you an answer to see if this is covered in the dev version. https://github.com/stcr/subscribe-to-comments-reloaded/tree/development
This seems to address the specific issue and at least one other (a similar issue with the email coming from a cookie rather than a form field) and does a little sanity encoding/sanitizing (I think it fixed another issue for me in subscriptions, too :). @brabbins, thanks for this; if you have any other issues from this or future security audits, please send the info. @Reedyseth, I haven't tried that branch; we're working towards something we can deploy soon. What's the current status of the development branch, at all usable or not? Thanks!
Not usable for junior developers; it changed a lot from the master branch and it needs some setup.
@Reedyseth, in case you didn't see the note above, there is a merge request to fix this issue.
@Reedyseth, did you have any questions or concerns with this fix? You might want to push a version update with it, rather than waiting for the development branch to stabilize? Thanks.
Hi guys, the code is already added to the dev version 2f37d33 and I will be releasing next week. Best regards!
Thanks @Reedyseth!
Recently we had a security audit on one of our websites, and this plugin showed a cross-site scripting vulnerability. From what I could tell, this happens on the MANAGE SUBSCRIPTIONS/comment-subscriptions page, in the email input field, when JS is turned off. I was able to submit script tags and JS.
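The bug class the report and the later comments describe is that an email value taken from the form field (or, as Jesse notes for the patch, from a cookie) is reflected into the Manage Subscriptions page, and the only thing stopping a script payload is the JavaScript validator, which does not run with JS disabled or when the request is sent directly. The following is an added illustration of that pattern and of a server-side fix; it is not code from the StCR plugin or its patch, and every function and the cookie name in it are hypothetical. It uses plain PHP so it runs stand-alone; inside WordPress the equivalent calls would be sanitize_email() for validation and esc_attr() for attribute output.

```php
<?php
// Added example, not StCR plugin code. Shows the reflected-XSS pattern from
// issue #431: an attacker-controlled email value echoed into the Manage
// Subscriptions form. Client-side JS validation is irrelevant to security
// because the attacker controls the client; only the server-side path counts.
// All function names and the cookie name below are hypothetical.

// Vulnerable pattern: trusts the JS validator and echoes the raw value
// straight into an HTML attribute.
function render_email_field_vulnerable(string $email): string
{
    return '<input type="text" name="email" value="' . $email . '">';
}

// Server-side validation: returns the email if it is syntactically valid,
// null otherwise. filter_var() does the syntax check; it does NOT encode.
function server_validate_email(string $raw): ?string
{
    $valid = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Hardened pattern: validate on the server, then HTML-encode at output.
// Invalid input is dropped rather than echoed back. A valid address is still
// encoded, because validation is not a substitute for escaping: a local part
// such as o'brien is a legal email and contains a quote character.
function render_email_field_hardened(string $email): string
{
    $clean = server_validate_email($email);
    $value = $clean === null
        ? ''
        : htmlspecialchars($clean, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="email" value="' . $value . '">';
}

// Resolve the email from the two sources the thread mentions: the form field
// first, then a cookie. Both are attacker-controlled and get the same treatment.
function resolve_submitted_email(array $post, array $cookie): string
{
    if (isset($post['email']) && is_string($post['email'])) {
        return $post['email'];
    }
    // 'stcr_email' is a hypothetical cookie name for this example only.
    if (isset($cookie['stcr_email']) && is_string($cookie['stcr_email'])) {
        return $cookie['stcr_email'];
    }
    return '';
}

// Constructed demo input: the kind of payload an audit submits with JS off.
$payload = '"><script>alert(1)</script>';

echo "Vulnerable (form):  " . render_email_field_vulnerable($payload) . "\n";
echo "Hardened (form):    " . render_email_field_hardened($payload) . "\n";
echo "Hardened (valid):   " . render_email_field_hardened("o'brien@example.com") . "\n";
echo "Hardened (cookie):  " . render_email_field_hardened(
    resolve_submitted_email([], ['stcr_email' => $payload])
) . "\n";
```

Run it with `php example.php`: the vulnerable line closes the attribute and emits a live script tag, the hardened line emits an empty value for the payload, and the valid address comes back with its apostrophe encoded as `&#039;`, which is why the encoding step stays even after validation succeeds. The same check has to be applied to every source the value can arrive from, which is the point of the cookie path.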