Javascript Injection possible #152
Comments
|
It is considered good practice to send vulnerability reports to [email protected] directly. (So these issues can be solved before being published.) But I admit, it is not documented anywhere. Can you tell which version of JIT you are using? Version 2, maybe? (With JIT 1.43 the response I get is |
|
Script injection working for me in JIT 1.44, if dynamic URLs are allowed. On initial load, Should this issue be deleted while a fix is created? I don't have any more recent installations of JIT to test at the moment. |
|
Im using JIT 1.44. You can delete the ticket if you like |
|
I am afraid that I can not delete an issue. Maybe it's not possible at all. @nitriques will know. |
Yes we could. But that's too late. @michael-e I've been dying to add a block direct php access in the .htaccess for quite sometimes. That's the 3rd time it would have prevented XSS... It's not reproducible with 2.x.x because of the renderer. But yeah I can confirm that it's working under 1.44. I think I need to fix it.... |
XSS is a nasty hack, we always need to sanitize user input. Fixes #152
|
A fix is available as version |
|
@dommar04 Can you
Thanks for reporting. As @michael-e said, please write to [email protected] @michael-e I've documented it https://github.com/symphonycms/symphony-2/wiki/Security-Bug-Disclosure |
|
Great! |
|
Yes it works in 1.46 and does not occour in 2.0.0 |
The image.php is vulnerable to Cross-Site Scripting
Example:
..../extensions/jit_image_manipulation/lib/image.php?param=%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E
The text was updated successfully, but these errors were encountered: