Uploaded image for project: 'Nuxeo Elements'
  1. Nuxeo Elements
  2. ELEMENTS-53

XSS issue in nuxeo-select2

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.2.5
    • Component/s: Widgets

      Description

      Problem

      nuxeo-select2 element does not propertly escape the content before displaying it.

      As a result, it create a XSS vulnerability is the "entries" displayed contains malicious html.
      Since the content can come from external sources (LDAP, SQL) or being updated via REST API, we can not rely on the fact that the escaping was done before and that the data is safe.

      Step to reproduce the issue

      • As a low-privilege user, change the user's last name to include the following JavaScript: <script>alert('xss')</script>
      • As an administrator user, click on the permissions tab and create a new permission
      • Search for the new user
      • Observe the JavaScript being executed

        Attachments

          Activity

            People

            • Assignee:
              nsilva Nelson Silva
              Reporter:
              nsilva Nelson Silva
              Participants:
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: