Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-15545

XSS in Import Image

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Major
    • None
    • 10.6.1, 10.7
    • None
    • It works on your XWiki sandbox/playground: playground.xwiki.org, so I assume it works everywhere
    • Medium

    Description

      Hi, I would like to report an issue.

      Description:
      There's an XSS on in image import function ( image: ). It's available only for logged in users, who are allowed to create new posts, but can lead to stealing admin user's credentials.

      Steps to reproduce bug:

      1. Go to page edition (for example: https://playground.xwiki.org/xwiki/bin/edit/Sandbox/WebHome
      2. Select "Source" button
      3. In source enter for example:

      [[image:test||alt="" width="1" height="1" onerror="alert(document.location)"]]

      1. Click "Preview"
      2. There's XSS.

      Contact:
      If you want to get further information, mail me at: kmpl@protonmail.com

      Attachments

        1. 1.png
          29 kB
          Mik Kow
        2. 2.png
          43 kB
          Mik Kow
        3. phish.txt
          68 kB
          Mik Kow

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-8593 XSS in images and links using on* parameter.

          • Major - Major loss of function.
          • Closed

          Activity

            People

              surli Simon Urli
              kmpl Mik Kow
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: