
Bug #8000

XSS on index.php via widget sequence parameters

Added by Jim Pingle almost 2 years ago. Updated almost 2 years ago.

Status: Resolved
Priority: Urgent
Assignee:
Category: Dashboard
Target version:
Start date: 10/24/2017
Due date:
% Done: 100%
Estimated time:
Affected Version: 2.4.x
Affected Architecture: All

Description

The widget 'sequence' parameter is not sanity-checked: the widget instance counter it carries is echoed back to the user directly, leading to XSS.

To test, edit the config and add this to the widget sequence tag:

,log:col2:open:next22611;alert(1)//139

Only affects 2.4.x
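The following is an added example and is not pfSense's own code. It models the bug as the report describes it: the instance counter from a widget sequence entry is written into the dashboard page unchanged, and the fix commits' rule ("instance counter must be numeric") is what closes it. Everything about the layout is assumed for the demo and is not stated in the report: entries are taken as comma-separated `name:column:state:instance` records, the counter is emitted into an inline `<script>` block, and the sample sequence string (an ordinary entry followed by the payload from this report) is constructed. `widgetInit` is a hypothetical JavaScript function name.

```php
<?php
// Added example; this is not pfSense's own code. It models the bug described
// above: the instance counter taken from a widget sequence entry is written into
// the dashboard page unchanged, and the fix is to require it to be numeric.
// Assumed for the demo (not stated in the report): entries are comma-separated
// and laid out as name:column:state:instance, and the counter is emitted into an
// inline <script> block. The sample sequence string is constructed.

declare(strict_types=1);

// Constructed sample: one ordinary entry, then the entry from the report's payload.
const SAMPLE_SEQUENCE =
    'system_information:col1:open:0,log:col2:open:next22611;alert(1)//139';

/** Split a widget sequence string into name/column/state/instance records. */
function parse_widget_sequence(string $sequence): array
{
    $widgets = [];
    foreach (explode(',', $sequence) as $entry) {
        // Limit of 4 keeps any further ':' inside the last field.
        $fields = explode(':', $entry, 4);
        if (count($fields) !== 4) {
            continue; // malformed entry, ignore it
        }
        [$name, $column, $state, $instance] = $fields;
        $widgets[] = compact('name', 'column', 'state', 'instance');
    }
    return $widgets;
}

/** Vulnerable pattern: the raw counter is concatenated into script text. */
function render_widget_vulnerable(array $w): string
{
    $id = $w['name'] . '_' . $w['instance'];
    return '<script>var widget_' . $id
        . ' = widgetInit("' . $w['name'] . '", ' . $w['instance'] . ');</script>';
}

/**
 * Hardened pattern, the rule from the fix commits: the counter must be numeric.
 * ctype_digit() accepts only an unsigned decimal string (no sign, no
 * whitespace, no ';' or '/'), and the cast makes the emitted value an integer.
 * Returns null so the caller drops the entry rather than rendering it.
 */
function render_widget_hardened(array $w): ?string
{
    if (!ctype_digit($w['instance'])) {
        return null;
    }
    $instance = (int) $w['instance'];
    // The report is about the counter; the name lands in the same JS
    // identifier, so it is restricted to identifier characters here too.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $w['name'])) {
        return null;
    }
    return '<script>var widget_' . $w['name'] . '_' . $instance
        . ' = widgetInit(' . json_encode($w['name']) . ', ' . $instance . ');</script>';
}

foreach (parse_widget_sequence(SAMPLE_SEQUENCE) as $w) {
    echo 'entry ' . $w['name'] . ', instance field ' . var_export($w['instance'], true) . "\n";
    echo '  vulnerable: ' . render_widget_vulnerable($w) . "\n";
    echo '  hardened:   '
        . (render_widget_hardened($w) ?? '(rejected: instance counter is not numeric)') . "\n";
}
```

Run it with `php` on the command line. For the payload entry the vulnerable renderer emits `var widget_log_next22611;alert(1)//139 = widgetInit("log", next22611;alert(1)//139);`, which a browser parses as a variable declaration, a call to `alert(1)`, and a line comment that swallows the rest of the statement; that is the `;alert(1)//` shape of the reproduction string. The hardened renderer rejects the entry outright. Note that HTML escaping (`htmlspecialchars()`) would not have helped here: the sink is a script context, and neither `;` nor `/` is HTML-special, so the right control is a type check on the value (digits only, then an integer cast), not output encoding.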

Associated revisions

Revision 7b973ceb (diff)
Added by Jim Pingle almost 2 years ago

Widget instance counter must be numeric. Fixes #8000

Revision 13751e49 (diff)
Added by Jim Pingle almost 2 years ago

Widget instance counter must be numeric. Fixes #8000

(cherry picked from commit 7b973ceb6f72e22ee1b335128fb8d7f655c82879)

Revision c6adfaa6 (diff)
Added by Jim Pingle almost 2 years ago

Widget instance counter must be numeric. Fixes #8000

(cherry picked from commit 7b973ceb6f72e22ee1b335128fb8d7f655c82879)
(cherry picked from commit 13751e498e0c1023ffcaf6409d73ebd9e6ca111b)

History

#1 Updated by Jim Pingle almost 2 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100

#2 Updated by Jim Pingle almost 2 years ago

  • Status changed from Feedback to Resolved

#3 Updated by Jim Pingle almost 2 years ago

  • Private changed from Yes to No
