  1. eZ Publish / Platform
  2. EZP-29699

XSS vulnerability in 'disabled module' error template


Details

    • Type: Bug
    • Resolution: Fixed
    • Priority: High
    • Customer request
    • 5.3.12, 5.4.12
    • Mozilla FF (tested on the current latest version 62.0.2 but Customer observed it also on IE 11.0.9600.19100 and Firefox 52.8.0). Chrome and Safari are not affected.

    Description

      Update: Fixed in v2018.09.1.2, v2018.06.1.3, v2017.12.4.2, v5.4.12.2, v5.3.12.5

      Customer observed an issue where JS code is run from a properly formatted URL, e.g. http://mysite.com/%3Cimg%20src=0%20onError=alert(document.cookie)%3E.

      Steps to reproduce:
      1. Edit the [SiteAccessRules] section located in ezpublish_legacy/settings/site.ini and enable the following lines:

      [SiteAccessRules]
      Rules[]
      Rules[]=access;disable
      Rules[]=moduleall
      

      2. Clear all the caches.
      3. Visit your site URL and add a suffix like: <img src="" onError=alert(document.cookie)>.
      4. See that a JS alert window is shown.
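
The class of bug reported here, shown as an added PHP illustration that is not eZ Publish code and not part of the original ticket: a request path is decoded and placed into an error page, first unescaped and then HTML-escaped at output. The function names and the error message text are hypothetical; only the request path comes from the ticket.

```php
<?php
// Added illustration, not eZ Publish code. Function names and the message
// text are hypothetical; only the request path is taken from the ticket.

/** Before: the decoded request path is concatenated into HTML as-is. */
function renderDisabledModuleUnsafe(string $requestPath): string
{
    $module = rawurldecode(ltrim($requestPath, '/'));
    return '<p>The module ' . $module . ' is disabled.</p>';
}

/** After: the same value is HTML-escaped at the point of output. */
function renderDisabledModuleSafe(string $requestPath): string
{
    $module = rawurldecode(ltrim($requestPath, '/'));
    $escaped = htmlspecialchars($module, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>The module ' . $escaped . ' is disabled.</p>';
}

/** Regression check: no markup other than the wrapping <p> may survive. */
function containsInjectedMarkup(string $html): bool
{
    $inner = preg_replace('~^<p>|</p>$~', '', $html);
    return preg_match('/<[a-z!\/]/i', $inner) === 1;
}

// Request path from the ticket description.
$path = '/%3Cimg%20src=0%20onError=alert(document.cookie)%3E';

$renderers = [
    'unsafe' => 'renderDisabledModuleUnsafe',
    'safe'   => 'renderDisabledModuleSafe',
];

foreach ($renderers as $label => $fn) {
    $html = $fn($path);
    $flag = containsInjectedMarkup($html) ? 'yes' : 'no';
    printf("%-6s injected=%s  %s\n", $label, $flag, $html);
}
```

The regression check can be reused as a test after upgrading to one of the fixed versions, by feeding it the body of the real error page instead of the hypothetical renderer output.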

          People

            Assignee: Unassigned
            Reporter: Konrad Oboza (konrad.oboza@ibexa.co)

              Time Tracking

                Original Estimate: Not Specified
                Remaining Estimate: 0 minutes
                Time Spent: 7 hours