[MGNLSLOCK-21] Parameters allow JavaScript, which is returned and executed on client - XSS Vulnerability
Created: 21/Feb/12  Updated: 27/Apr/12  Resolved: 17/Apr/12

Status: Closed
Project: Magnolia Soft Locking Module
Component/s: None
Affects Version/s: 1.0.1
Fix Version/s: 1.0.5, 2.0.2

Type: Bug
Priority: Neutral
Reporter: Richard Unger
Assignee: Federico Grilli
Resolution: Fixed
Votes: 0
Labels: XSS, security, softlocking
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

The Soft-Locking Module will accept a parameter containing JavaScript, and return it to the client, where the JavaScript then gets executed.

This will allow XSS attacks in the form of links sent to Editors.

Example:

http://demo.magnolia-cms.com/demo-project.html?isSoftLockingAjaxRequest=true&op=%3CSCRIPT%3Ealert%28%2220110927%20-%20XSS%20via%20URL%20Ajax%22%29;%3C/SCRIPT%3E



 Comments   
Comment by Federico Grilli [ 21/Feb/12 ]

Thanks for reporting this. Will try to include the fix for the next releases (both major and minor).

Comment by Federico Grilli [ 17/Apr/12 ]

needs to be backported
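
The reflection described in this issue and one way to close it, as an added example that is not the Soft Locking Module's code or the fix that was shipped. The handler shape, the response text and the allowed `op` values are assumptions; the input is the `op` value from the URL in the report.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Set;

public class SoftLockEchoExample {
    // Hypothetical operation names: the issue does not list the values "op" may take.
    private static final Set<String> ALLOWED_OPS = Set.of("lock", "unlock", "status");

    // Before: the parameter is copied into the response body unchanged.
    static String respondVulnerable(String op) {
        return "Unknown operation: " + op;
    }

    // After: accept only allowlisted values and HTML-encode anything echoed back.
    static String respondHardened(String op) {
        if (op != null && ALLOWED_OPS.contains(op)) {
            return "ok: " + op;
        }
        return "Unknown operation: " + escapeHtml(op == null ? "" : op);
    }

    // Minimal encoder for the five characters significant in HTML text and attributes.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // The "op" value from the URL in the report, still percent-encoded.
        String raw = "%3CSCRIPT%3Ealert%28%2220110927%20-%20XSS%20via%20URL%20Ajax%22%29;%3C/SCRIPT%3E";
        String op = URLDecoder.decode(raw, StandardCharsets.UTF_8);
        System.out.println("vulnerable: " + respondVulnerable(op)); // markup reaches the client intact
        System.out.println("hardened:   " + respondHardened(op));   // markup arrives as inert text
    }
}
```

Serving such Ajax responses with a non-HTML content type (for example `text/plain` or JSON, with `X-Content-Type-Options: nosniff`) adds a second layer if an encoding call is ever missed.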
