PHP :: Sec Bug #68079 :: XSS in Online Documentation Editor

Sec Bug #68079	XSS in Online Documentation Editor
Submitted:	2014-09-22 21:01 UTC	Modified:	2014-09-29 16:29 UTC
From:	leight+bugs at gmail dot com	Assigned:	yannick (profile)
Status:	Closed	Package:	Online Doc Editor problem
PHP Version:	Irrelevant	OS:	-
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 34 - 23 = ?
Subscribe to this entry?

[2014-09-22 21:01 UTC] leight+bugs at gmail dot com

Description:
------------
There is an XSS possibility when using Google Account login and possibly other types of login.

For Google Accounts specifically, setting the "nickname" to the following:


"; alert("hi");</script>


Results in the script being executed on the main login page - I have not tried logging in proper, as I did not want to risk injecting a script into all online users browsers.

I think an input sanitising review may be needed across the entire editor.

Test script:
---------------
"; alert("hi");</script>

Expected result:
----------------
No alert

Actual result:
--------------
hi

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-09-23 16:20 UTC] tyrael@php.net

-Assigned To: +Assigned To: yannick

[2014-09-29 16:29 UTC] bjori@php.net

-Status: Assigned +Status: Closed

[2014-09-29 16:29 UTC] bjori@php.net

http://git.php.net/?p=web/doc-editor.git;a=commit;h=b2eebbf925ae7d22842c4a182131d183b1a63771

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri May 17 08:01:35 2024 UTC