[XWIKI-5243] Reflected XSS in edit(wiki|wysiwyg|wysiwygnew).vm - XWiki.org JIRA

Details

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: 2.5 M1, 2.4.1
Affects Version/s: 2.3, 2.2.6, 2.3.1, 2.4 M1
Component/s: Web - Templates & Resources
Labels:
None

keywords:
security, xss, patch
Tests:

Integration
Difficulty:
Trivial
Similar issues:

Description

Exactly the same mistakes in all 3 templates. Injection via "section", "template" and "xredirect" example:

http://localhost:8080/xwiki/bin/view/Main/Test?xpage=editwiki&section=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
http://localhost:8080/xwiki/bin/view/Main/Test?xpage=editwiki&template=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
http://localhost:8080/xwiki/bin/view/Main/Test?xpage=editwiki&xredirect=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E

http://localhost:8080/xwiki/bin/view/Main/Test?xpage=editwysiwygnew&section=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
http://localhost:8080/xwiki/bin/view/Main/Test?xpage=editwysiwygnew&template=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
http://localhost:8080/xwiki/bin/view/Main/Test?xpage=editwysiwygnew&xredirect=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E

http://localhost:8080/xwiki/bin/view/Main/Test2?xpage=editwysiwyg&section=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
http://localhost:8080/xwiki/bin/view/Main/Test2?xpage=editwysiwyg&template=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
http://localhost:8080/xwiki/bin/view/Main/Test2?xpage=editwysiwyg&xredirect=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

XWIKI-5243-fix.patch
3 kB
09/Aug/10 15:37

Issue Links

is duplicated by

XWIKI-5235 Reflected XSS over section parameter

Closed

Activity

[XWIKI-5243] Reflected XSS in edit(wiki|wysiwyg|wysiwygnew).vm

Alex Busenius added a comment - 17/Aug/10 13:12 - edited

Fixed in r30675, 2.4 branch in r30791

Alex Busenius added a comment - 17/Aug/10 13:12 - edited Fixed in r30675, 2.4 branch in r30791

Alex Busenius added a comment - 09/Aug/10 15:37

Added fix, tests are in escaping-tests/.

Alex Busenius added a comment - 09/Aug/10 15:37 Added fix, tests are in escaping-tests/.

Alex Busenius added a comment - 09/Aug/10 15:14

Escaping test result:

* Parameter: "section"
  Tested file: templates/editwysiwyg.vm
  URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?section=aaa%22bbb%27ccc%3Eddd%3Ceee&skin=default&vm=editwysiwyg.vm&xpage=xpart&language=en
  List of validation errors:
    line    4  column 105  FATAL: Unescaped apostrophe character
    line    4  column 101  FATAL: Unescaped quote character
* Parameter: "template"
  Tested file: templates/editwysiwyg.vm
  URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?skin=default&vm=editwysiwyg.vm&template=aaa%22bbb%27ccc%3Eddd%3Ceee&xpage=xpart&language=en
  List of validation errors:
    line    3  column  48  FATAL: Unescaped apostrophe character
    line    3  column  44  FATAL: Unescaped quote character
* Parameter: "xredirect"
  Tested file: templates/editwysiwyg.vm
  URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?skin=default&vm=editwysiwyg.vm&xredirect=aaa%22bbb%27ccc%3Eddd%3Ceee&xpage=xpart&language=en
  List of validation errors:
    line    5  column  49  FATAL: Unescaped apostrophe character
    line    5  column  45  FATAL: Unescaped quote character

* Parameter: "section"
  Tested file: templates/editwysiwygnew.vm
  URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?section=aaa%22bbb%27ccc%3Eddd%3Ceee&skin=default&vm=editwysiwygnew.vm&xpage=xpart&language=en
  List of validation errors:
    line    4  column 105  FATAL: Unescaped apostrophe character
    line    4  column 101  FATAL: Unescaped quote character
* Parameter: "template"
  Tested file: templates/editwysiwygnew.vm
  URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?skin=default&vm=editwysiwygnew.vm&template=aaa%22bbb%27ccc%3Eddd%3Ceee&xpage=xpart&language=en
  List of validation errors:
    line    3  column  48  FATAL: Unescaped apostrophe character
    line    3  column  44  FATAL: Unescaped quote character
* Parameter: "xredirect"
  Tested file: templates/editwysiwygnew.vm
  URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?skin=default&vm=editwysiwygnew.vm&xredirect=aaa%22bbb%27ccc%3Eddd%3Ceee&xpage=xpart&language=en
  List of validation errors:
    line    5  column  49  FATAL: Unescaped apostrophe character
    line    5  column  45  FATAL: Unescaped quote character

* Parameter: "section"
  Tested file: templates/editwysiwyg.vm
  URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?section=aaa%22bbb%27ccc%3Eddd%3Ceee&skin=default&vm=editwysiwyg.vm&xpage=xpart&language=en
  List of validation errors:
    line    4  column 105  FATAL: Unescaped apostrophe character
    line    4  column 101  FATAL: Unescaped quote character
* Parameter: "template"
  Tested file: templates/editwysiwyg.vm
  URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?skin=default&vm=editwysiwyg.vm&template=aaa%22bbb%27ccc%3Eddd%3Ceee&xpage=xpart&language=en
  List of validation errors:
    line    3  column  48  FATAL: Unescaped apostrophe character
    line    3  column  44  FATAL: Unescaped quote character
* Parameter: "xredirect"
  Tested file: templates/editwysiwyg.vm
  URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?skin=default&vm=editwysiwyg.vm&xredirect=aaa%22bbb%27ccc%3Eddd%3Ceee&xpage=xpart&language=en
  List of validation errors:
    line    5  column  49  FATAL: Unescaped apostrophe character
    line    5  column  45  FATAL: Unescaped quote character

Alex Busenius added a comment - 09/Aug/10 15:14 Escaping test result: * Parameter: "section" Tested file: templates/editwysiwyg.vm URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?section=aaa%22bbb%27ccc%3Eddd%3Ceee&skin=default&vm=editwysiwyg.vm&xpage=xpart&language=en List of validation errors: line 4 column 105 FATAL: Unescaped apostrophe character line 4 column 101 FATAL: Unescaped quote character * Parameter: "template" Tested file: templates/editwysiwyg.vm URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?skin=default&vm=editwysiwyg.vm&template=aaa%22bbb%27ccc%3Eddd%3Ceee&xpage=xpart&language=en List of validation errors: line 3 column 48 FATAL: Unescaped apostrophe character line 3 column 44 FATAL: Unescaped quote character * Parameter: "xredirect" Tested file: templates/editwysiwyg.vm URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?skin=default&vm=editwysiwyg.vm&xredirect=aaa%22bbb%27ccc%3Eddd%3Ceee&xpage=xpart&language=en List of validation errors: line 5 column 49 FATAL: Unescaped apostrophe character line 5 column 45 FATAL: Unescaped quote character * Parameter: "section" Tested file: templates/editwysiwygnew.vm URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?section=aaa%22bbb%27ccc%3Eddd%3Ceee&skin=default&vm=editwysiwygnew.vm&xpage=xpart&language=en List of validation errors: line 4 column 105 FATAL: Unescaped apostrophe character line 4 column 101 FATAL: Unescaped quote character * Parameter: "template" Tested file: templates/editwysiwygnew.vm URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?skin=default&vm=editwysiwygnew.vm&template=aaa%22bbb%27ccc%3Eddd%3Ceee&xpage=xpart&language=en List of validation errors: line 3 column 48 FATAL: Unescaped apostrophe character line 3 column 44 FATAL: Unescaped quote character * Parameter: "xredirect" Tested file: templates/editwysiwygnew.vm URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?skin=default&vm=editwysiwygnew.vm&xredirect=aaa%22bbb%27ccc%3Eddd%3Ceee&xpage=xpart&language=en List of validation errors: line 5 column 49 FATAL: Unescaped apostrophe character line 5 column 45 FATAL: Unescaped quote character * Parameter: "section" Tested file: templates/editwysiwyg.vm URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?section=aaa%22bbb%27ccc%3Eddd%3Ceee&skin=default&vm=editwysiwyg.vm&xpage=xpart&language=en List of validation errors: line 4 column 105 FATAL: Unescaped apostrophe character line 4 column 101 FATAL: Unescaped quote character * Parameter: "template" Tested file: templates/editwysiwyg.vm URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?skin=default&vm=editwysiwyg.vm&template=aaa%22bbb%27ccc%3Eddd%3Ceee&xpage=xpart&language=en List of validation errors: line 3 column 48 FATAL: Unescaped apostrophe character line 3 column 44 FATAL: Unescaped quote character * Parameter: "xredirect" Tested file: templates/editwysiwyg.vm URL: http://localhost:8080/xwiki/bin/view/Main/WebHome?skin=default&vm=editwysiwyg.vm&xredirect=aaa%22bbb%27ccc%3Eddd%3Ceee&xpage=xpart&language=en List of validation errors: line 5 column 49 FATAL: Unescaped apostrophe character line 5 column 45 FATAL: Unescaped quote character

Reflected XSS in edit(wiki|wysiwyg|wysiwygnew).vm

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates