Details
- Type: Bug
- Resolution: Fixed
- Priority: High
- Affects versions: 5.3.12, 5.4.12
- Environment: Mozilla Firefox (tested on the then-current latest version 62.0.2; the customer also observed it on IE 11.0.9600.19100 and Firefox 52.8.0). Chrome and Safari are not affected.
Description
Update: Fixed in v2018.09.1.2, v2018.06.1.3, v2017.12.4.2, v5.4.12.2, v5.3.12.5
The customer observed an issue where JavaScript is executed from a suitably formatted URL, e.g. http://mysite.com/%3Cimg%20src=0%20onError=alert(document.cookie)%3E.
Steps to reproduce:
1. Edit the [SiteAccessRules] section in ezpublish_legacy/settings/site.ini and enable the following lines:
    [SiteAccessRules]
    Rules[]
    Rules[]=access;disable
    Rules[]=moduleall
2. Clear all the caches.
3. Visit your site URL with a suffix like <img src="" onError=alert(document.cookie)> appended to the path.
4. Observe that a JavaScript alert window is shown.
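The symptom above is the classic reflected XSS pattern: something derived from the request path reaches the HTML response without being escaped, so the browser parses the injected element and runs its event handler. The PHP below is an added illustration and is not eZ Publish's own code nor the template the report concerns (the page does not show where the reflection happens); the function names and the sample request path are constructed for this example. It contrasts an error page that writes the request path back raw with one that escapes it for the HTML context. Which browser chooses to execute the payload is a client-side detail: Chrome or Safari not showing the alert does not mean the reflection is absent, and the fix belongs on the server side.

```php
<?php
// Added example, not eZ Publish code. Hypothetical helper names.
// Constructed sample input: the encoded path from the report, as a web
// server would pass it on. The decoded form is what ends up in the page.
$rawUri = '/%3Cimg%20src=0%20onError=alert(document.cookie)%3E';
$requestPath = rawurldecode($rawUri);   // '/<img src=0 onError=alert(document.cookie)>'

// Vulnerable: the raw path is interpolated into the HTML body, so the
// browser treats the injected <img> as markup and fires its onError handler.
function renderErrorUnsafe(string $path): string
{
    return "<p>The page {$path} could not be found.</p>";
}

// Hardened: escape for the HTML text context before output.
// ENT_QUOTES also encodes both quote characters, so the same helper is
// safe inside a double-quoted attribute value; ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of returning an empty string.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderErrorSafe(string $path): string
{
    return '<p>The page ' . escapeHtml($path) . ' could not be found.</p>';
}

// Same input, two outputs: the first contains a live <img> element, the
// second contains only text (the angle brackets become &lt; and &gt;).
echo renderErrorUnsafe($requestPath), PHP_EOL;
echo renderErrorSafe($requestPath), PHP_EOL;
```

The escaping has to match the output context: the helper shown is correct for HTML text and double-quoted attributes, but a path placed inside a URL attribute or a script block needs the encoding appropriate to that context, and a template engine's auto-escaping should not be switched off for request-derived values.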