Project

General

Profile

Actions

Bug #8037

closed

status_monitoring.php XSS

Added by Anonymous almost 7 years ago. Updated almost 7 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
10/31/2017
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.2
Affected Architecture:

Description

If you click the edit icon > display advanced > add view and then enter <script>alert(1)</script> it looks like it doesn't sanitize any input and chrome gives you an XSS warning and then you press back and the alert pops up.
In status_monitoring.php I think all that is needed is to escape the post variable $title. There are 2 sections one is under if($_POST['add-view']) and if ($_POST['save-view']) Changing this `$title = $_POST['view-title'];` to this `$title = htmlspecialchars($_POST['view-title']);` seems to work. You may want to check the javascript version of create-slug(); and add-view.onclick() It is suppose to check for duplicates but if you escape the HTML characters in PHP it doesn't match up and will let you put duplicates if they contain HTML characters.

Actions #1

Updated by Jim Pingle almost 7 years ago

  • Status changed from New to Duplicate

Looking back at #7876 it seems like the same base issue but there were two more potential vectors that needed repair, I put everything under the old ticket. Fixes are pushed everywhere now.

Actions #2

Updated by Jim Pingle almost 7 years ago

  • Private changed from Yes to No
Actions

Also available in: Atom PDF