Project

General

Profile

Bug #7650

vendor/filebrowser/browser.php: Filename parameter is unencoded which can lead to a potential XSS

Added by Jim Pingle about 3 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
Web Interface
Target version:
Start date:
06/16/2017
Due date:
% Done:

100%

Estimated time:
Affected Version:
All
Affected Architecture:
All

Description

First load a file on diag_edit.php and then save it with ');alert('XSS appended to the name, then browse and try to load the file.

In order to exploit this, the user must already have root access to the box to write a file, or write it themselves. There is no practical way to exploit this that would gain an attacker anything they couldn't get by other means with access to this page already. Still worth addressing.

Associated revisions

Revision d0acfddd (diff)
Added by Jim Pingle about 3 years ago

Prevent the filename from being used to run XSS in the diag_edit.php file browser. Fixes #7650

Revision d6f20c32 (diff)
Added by Jim Pingle about 3 years ago

Prevent the filename from being used to run XSS in the diag_edit.php file browser. Fixes #7650

Revision 5ca16d84 (diff)
Added by Jim Pingle about 3 years ago

Prevent the filename from being used to run XSS in the diag_edit.php file browser. Fixes #7650

History

#1 Updated by Jim Pingle about 3 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100

#2 Updated by Jim Pingle about 3 years ago

  • Status changed from Feedback to Resolved

Fixed

#3 Updated by Jim Pingle about 3 years ago

  • Private changed from Yes to No

Also available in: Atom PDF