Bug #8000 (closed): XSS on index.php via widget sequence parameters

Added by Jim Pingle almost 4 years ago. Updated almost 4 years ago.

Status: Resolved
Priority: Urgent
Assignee:
Category: Dashboard
Target version:
Start date: 10/24/2017
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.4.x
Affected Architecture: All

Description

The widget 'sequence' parameter does not perform sanity checking on the widget instance counter, leading to an XSS, as it is echoed back to the user directly.

To test, edit the config and add this to the widget sequence tag:

,log:col2:open:next22611;alert(1)//139

Only affects 2.4.x.
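The fix the report calls for is input validation before the counter is echoed back. The following is an added example, not pfSense code: it assumes the sequence is a comma-separated list of "name:column:state:counter" entries (the exact pfSense format and its state vocabulary are assumptions here), rejects any entry whose counter is not a plain non-negative integer, and still HTML-escapes the value on output as a second layer. The report's own test string is included as a constructed input that the validator must reject.

```php
<?php
// Added example (not pfSense code): validate the dashboard widget sequence
// before any part of it is rendered into index.php.
// Assumed entry format: "name:column:state:counter", entries separated by commas.

/**
 * Parse and validate a widget sequence string.
 * Returns only the entries that pass validation; rejected entries are
 * collected in $rejected so the caller can log them.
 */
function parse_widget_sequence(string $sequence, array &$rejected = null): array {
    $valid = [];
    $rejected = [];
    foreach (explode(',', $sequence) as $entry) {
        $entry = trim($entry);
        if ($entry === '') {
            continue; // tolerate a leading or trailing comma
        }
        $parts = explode(':', $entry);
        if (count($parts) !== 4) {
            $rejected[] = $entry;
            continue;
        }
        [$name, $column, $state, $counter] = $parts;
        // name: letters, digits and underscore only (assumed to map to a widget file stem)
        // column: "col" followed by one or two digits (assumed)
        // state: small fixed vocabulary (assumed: open / close)
        // counter: digits only, so "next22611;alert(1)//139" is refused
        if (!preg_match('/^[A-Za-z0-9_]+$/', $name)
            || !preg_match('/^col[0-9]{1,2}$/', $column)
            || !in_array($state, ['open', 'close'], true)
            || !preg_match('/^[0-9]+$/', $counter)) {
            $rejected[] = $entry;
            continue;
        }
        $valid[] = [
            'name'    => $name,
            'column'  => $column,
            'state'   => $state,
            'counter' => (int) $counter,
        ];
    }
    return $valid;
}

/**
 * Build the HTML id for a validated entry. The value is already constrained,
 * but escaping on output is kept as defence in depth.
 */
function widget_div_id(array $entry): string {
    $id = $entry['name'] . '-' . $entry['counter'];
    return htmlspecialchars($id, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample: one well-formed entry followed by the report's test string.
$sample = 'system_information:col1:open:0,log:col2:open:next22611;alert(1)//139';
$entries = parse_widget_sequence($sample, $rejected);

foreach ($entries as $e) {
    echo '<div id="' . widget_div_id($e) . '" class="' . $e['column'] . '"></div>', PHP_EOL;
}
// Only the first entry is rendered; the second is reported rather than echoed.
foreach ($rejected as $r) {
    error_log('Rejected widget sequence entry: ' . $r);
}
```

Validating the counter as an integer is what removes the injection point; the escaping on output matters for the case where a future change lets a non-numeric value reach the same `echo`.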

#1 Updated by Jim Pingle almost 4 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100

#2 Updated by Jim Pingle almost 4 years ago

  • Status changed from Feedback to Resolved

#3 Updated by Jim Pingle almost 4 years ago

  • Private changed from Yes to No
