Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-29699

XSS vulnerability in 'disabled module' error template

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 5.3.12, 5.4.12
    • Fix Version/s: Customer request
    • Labels:
    • Environment:

      Mozilla FF (tested on the current latest version 62.0.2 but Customer observed it also on IE 11.0.9600.19100 and Firefox 52.8.0). Chrome and Safari are not affected.

      Description

      Update: Fixed in v2018.09.1.2, v2018.06.1.3, v2017.12.4.2, v5.4.12.2, v5.3.12.5

      Customer observed an issue, where JS code is run from the proper formatted URL e.g. http://mysite.com/%3Cimg%20src=0%20onError=alert(document.cookie)%3E.

      Steps to reproduce:
      1. Edit [SiteAccessRules] section located in ezpublish_legacy/settings/site.ini and enable following lines:

      [SiteAccessRules]
      Rules[]
      Rules[]=access;disable
      Rules[]=moduleall
      

      2. Clear all the caches.
      3. Visit your site URL and add suffix like: <img src="" onError=alert(document.cookie)>.
      4. See that JS alert window is shown.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              konrad.oboza@ez.no Konrad Oboza
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 7 hours
                7h