[
https://issues.apache.org/jira/browse/OFBIZ-12096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17252240#comment-17252240
]
ASF subversion and git services commented on OFBIZ-12096:
---------------------------------------------------------
Commit d620550a5f0fb757d2af6f66af0d7b2e19f9cb6f in ofbiz-framework's branch
refs/heads/release18.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=d620550 ]
Fixed: Post-auth XSS vulnerability at catalog/control/EditProductPromo
(OFBIZ-12096)
We missed to unescape EcmaScript encoded strings in
UtilCoded::checkStringForHtmlSafe, ie in all form fields using allow-html="safe"
Thanks: 牛治 <niu....@zte.com.cn> for report
Conflicts handled by hand => no functional changes in code (ude to IDE setting)
framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
> Post-auth XSS vulnerability at catalog/control/EditProductPromo
> ---------------------------------------------------------------
>
> Key: OFBIZ-12096
> URL: https://issues.apache.org/jira/browse/OFBIZ-12096
> Project: OFBiz
> Issue Type: Sub-task
> Components: product/catalog
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
>
> This vulnerability was reported by 牛治 <niu....@zte.com.cn>:
> Locations:
> * catalog/control/EditProductPromo
> * catalog/control/EditProductPromoCode
> Description: the Promo Name and Promo Text input boxes on the
> EditProductPromo page have not a valid verification and result in an XSS
> attack.
> Poc: Encode the characters of "<script>alert('poruin')</script>", and the poc
> after encoding is as follows
> "\x3C\x73\x63\x72\x69\x70\x74\x3E\x61\x6C\x65\x72\x74\x28\x27\x70\x6F\x72\x75\x69\x6E\x27\x29\x3C\x2F\x73\x63\x72\x69\x70\x74\x3E"
> As this vulnerability is a post-auth we did not create a CVE
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
