Actions
Bug #5351
closed
Sanitze user input, even if restricted by html
Start date:
10/28/2015
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.3
Affected Architecture:
All
Description
The following XSS can be eleminated, by checking if the input is a number, but I think there are more attacks possible.
Go to the dashboard and open the trafficgraph-settings. Change the input type from number to text for the refresh-interval element and put some xss content inside, e.g.
"><script>alert("XSS")</script>
and voila, there you have it.
I think there are tons of XSS-attacks possible. The problem is, that these settings are shared via user accounts, so a "unprivileged" user can change those settings and attack an admin for example.
Updated by
Updated by Anonymous over 8 years ago
- Status changed from New to Feedback
Added input validation to this and other widgets that showed the same vulnerability.
Updated by Anonymous over 8 years ago
- % Done changed from 0 to 100
Applied in changeset 9eb8cafaa7b720810a4c158061114e5f7951fefb.
Updated by Chris Buechler over 8 years ago
- Status changed from Feedback to Resolved
that instance and others in widgets resolved now
Actions