[MGNLSTK-660] XSS leak in standard search field Created: 08/Jul/10  Updated: 13/Jul/10  Resolved: 13/Jul/10

Status: Closed
Project: Magnolia Standard Templating Kit (closed)
Component/s: None
Affects Version/s: 1.3.1
Fix Version/s: None

Type: Bug Priority: Critical
Reporter: Hay Kranen Assignee: Philipp Bärfuss
Resolution: Cannot Reproduce Votes: 0
Labels: security, stk, xss
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
duplicate
duplicates MGNLSTK-617 Possible content hi-jack via pre-fill... Closed
Template:
Acceptance criteria:
Empty
Date of First Response:

Description

HTML content is not escaped in the two search fields in the default STK site (the default one at the top, and the one on the bottom on the results page).

E.g., search for

"><script>alert("xss");</script>

This works on the live Magnolia-cms.com site:

http://www.magnolia-cms.com/home/top-level/searchResult.html?queryStr=%22%3E%3Cscript%3Edocument.write%28%27%3Cobject+width%3D%22480%22+height%3D%22385%22%3E%3Cparam+name%3D%22movie%22+value%3D%22http%3A%2F%2Fwww.youtube.com%2Fv%2FiwGFalTRHDA%26amp%3Bhl%3Den_US%26amp%3Bfs%3D1%22%3E%3C%2Fparam%3E%3Cparam+name%3D%22allowFullScreen%22+value%3D%22true%22%3E%3C%2Fparam%3E%3Cparam+name%3D%22allowscriptaccess%22+value%3D%22always%22%3E%3C%2Fparam%3E%3Cembed+src%3D%22http%3A%2F%2Fwww.youtube.com%2Fv%2FiwGFalTRHDA%26amp%3Bhl%3Den_US%26amp%3Bfs%3D1%22+type%3D%22application%2Fx-shockwave-flash%22+allowscriptaccess%3D%22always%22+allowfullscreen%3D%22true%22+width%3D%22480%22+height%3D%22385%22%3E%3C%2Fembed%3E%3C%2Fobject%3E%27%29%3B%3C%2Fscript%3E

Related to issue MGNLSTK-617
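The attribute-context escaping that prevents this kind of reflection, as an added Python example that is not STK or Magnolia code: the template strings, the `queryStr` input rendering and the helper names are constructed for illustration, and the sample input is the payload quoted above.

```python
import html
from html.parser import HTMLParser
from typing import List, Optional

# Payload quoted in the report, constructed here as the sample input.
PAYLOAD = '"><script>alert("xss");</script>'


def render_search_field_unescaped(query: str) -> str:
    """The pattern the report describes: the submitted query string is
    interpolated straight into the input's value attribute. Deliberately
    vulnerable; a '"' in the query closes the attribute and the tag."""
    return f'<input type="text" name="queryStr" value="{query}">'


def render_search_field_escaped(query: str) -> str:
    """Hardened variant: escape for an HTML attribute context. quote=True
    encodes both '"' and "'", so it is safe in either quoting style."""
    safe = html.escape(query, quote=True)
    return f'<input type="text" name="queryStr" value="{safe}">'


class _Walker(HTMLParser):
    """Records every start tag and the decoded value of the search input."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: List[str] = []
        self.query_value: Optional[str] = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input" and dict(attrs).get("name") == "queryStr":
            self.query_value = dict(attrs).get("value")


def rendered_elements(markup: str) -> List[str]:
    """Tag names a browser-like parser sees; an injected <script> shows up here."""
    w = _Walker()
    w.feed(markup)
    return w.tags


def rendered_value(markup: str) -> Optional[str]:
    """The decoded value attribute, i.e. what the user sees in the search box."""
    w = _Walker()
    w.feed(markup)
    return w.query_value


def is_reflected_unsafely(markup: str) -> bool:
    """True when the query broke out of its attribute into a new element."""
    return "script" in rendered_elements(markup)
```

With the escaped rendering the parser sees only the `input` element and its value decodes back to the original query, so the search box still shows what the user typed while nothing executes.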



Comments
Comment by Philipp Bärfuss [ 13/Jul/10 ]

Definitely not reproducible with 1.3.1.

Test same request on demo:

http://demopublic.magnolia-cms.com/demo-project/service/search-result.html?queryStr=%22%3E%3Cscript%3Edocument.write%28%27%3Cobject+width%3D%22480%22+height%3D%22385%22%3E%3Cparam+name%3D%22movie%22+value%3D%22http%3A%2F%2Fwww.youtube.com%2Fv%2FiwGFalTRHDA%26amp%3Bhl%3Den_US%26amp%3Bfs%3D1%22%3E%3C%2Fparam%3E%3Cparam+name%3D%22allowFullScreen%22+value%3D%22true%22%3E%3C%2Fparam%3E%3Cparam+name%3D%22allowscriptaccess%22+value%3D%22always%22%3E%3C%2Fparam%3E%3Cembed+src%3D%22http%3A%2F%2Fwww.youtube.com%2Fv%2FiwGFalTRHDA%26amp%3Bhl%3Den_US%26amp%3Bfs%3D1%22+type%3D%22application%2Fx-shockwave-flash%22+allowscriptaccess%3D%22always%22+allowfullscreen%3D%22true%22+width%3D%22480%22+height%3D%22385%22%3E%3C%2Fembed%3E%3C%2Fobject%3E%27%29%3B%3C%2Fscript%3E

Generated at Mon Feb 12 07:29:11 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.