php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Sec Bug #68079 XSS in Online Documentation Editor
Submitted: 2014-09-22 21:01 UTC Modified: 2014-09-29 16:29 UTC
From: leight+bugs at gmail dot com Assigned: yannick (profile)
Status: Closed Package: Online Doc Editor problem
PHP Version: Irrelevant OS: -
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: leight+bugs at gmail dot com
New email:
PHP Version: OS:

 

 [2014-09-22 21:01 UTC] leight+bugs at gmail dot com 
Description:
------------
There is an XSS possibility when using Google Account login and possibly other types of login.

For Google Accounts specifically, setting the "nickname" to the following:


"; alert("hi");</script>


Results in the script being executed on the main login page - I have not tried logging in proper, as I did not want to risk injecting a script into all online users browsers.

I think an input sanitising review may be needed across the entire editor.

Test script:
---------------
"; alert("hi");</script>

Expected result:
----------------
No alert

Actual result:
--------------
hi

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-09-23 16:20 UTC] tyrael@php.net
-Assigned To: +Assigned To: yannick
 [2014-09-29 16:29 UTC] bjori@php.net
-Status: Assigned +Status: Closed
 [2014-09-29 16:29 UTC] bjori@php.net 
http://git.php.net/?p=web/doc-editor.git;a=commit;h=b2eebbf925ae7d22842c4a182131d183b1a63771
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu May 02 20:01:31 2024 UTC