Uploaded image for project: 'Felix'
  1. Felix
  2. FELIX-6127

escape nameHint for configuration listing

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: webconsole-4.3.8
    • Fix Version/s: webconsole-4.3.10
    • Component/s: Web Console
    • Labels:
      None

      Description

      There is a XSS vulnerability in configMgr where adding a html or script tag in log file name. Since this console is only accessible to admin, threat rating of this vulnerability is very low.

      Steps to reproduce :

      • In /system/console/configMgr, find Apache Sling Logging Logger Configuration
      • Edit one of the logs, e.g logs/auditlog.log
      • Change to logs/auditlog.log<script>alert("xss")</script>
      • Click Save and refresh
      • Scroll to the configuration and see alert pop up injected

      Expected Behavior : Injected script should be escaped.

        Attachments

        1. escape_namehint_config_js.patch
          1 kB
          Ashok Kumar
        2. nameHint_escape_tags.patch
          3 kB
          Ashok Kumar

          Activity

            People

            • Assignee:
              karlpauls Karl Pauls
              Reporter:
              ashokpanghal Ashok Kumar
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: