[ https://issues.apache.org/jira/browse/OFBIZ-12096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17252258#comment-17252258 ]
ASF subversion and git services commented on OFBIZ-12096:
---------------------------------------------------------

Commit c52f29e0ae7409884c620434def11f2c47bd380f in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=c52f29e ]

Fixed: Post-auth XSS vulnerability at catalog/control/EditProductPromo (OFBIZ-12096)

We missed unescaping EcmaScript-encoded strings in UtilCoded::checkStringForHtmlSafe, i.e. in all form fields using allow-html="safe"

Thanks: 牛治 <niu....@zte.com.cn> for the report

> Post-auth XSS vulnerability at catalog/control/EditProductPromo
> ---------------------------------------------------------------
>
>                 Key: OFBIZ-12096
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12096
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: product/catalog
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>             Fix For: 18.12.01, 17.12.05
>
>
> This vulnerability was reported by 牛治 <niu....@zte.com.cn>:
>
> Locations:
> * catalog/control/EditProductPromo
> * catalog/control/EditProductPromoCode
>
> Description: the Promo Name and Promo Text input boxes on the EditProductPromo page lack valid input verification and result in an XSS attack.
>
> PoC: encode the characters of "<script>alert('poruin')</script>"; the PoC after encoding is as follows:
> "\x3C\x73\x63\x72\x69\x70\x74\x3E\x61\x6C\x65\x72\x74\x28\x27\x70\x6F\x72\x75\x69\x6E\x27\x29\x3C\x2F\x73\x63\x72\x69\x70\x74\x3E"
>
> As this vulnerability is post-auth, we did not create a CVE.
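As an added illustration of the defect the commit describes (example code written for this page, not OFBiz's own UtilCodec implementation): a stand-in for an allow-html="safe" validator, first as it behaved before the fix (sanitizing only the raw submitted string) and then with EcmaScript escapes decoded before the sanitizer runs. The sanitizer, its tag allowlist and the function names are simplifying assumptions; the sample input is the encoded string from the report.

```python
import re

# Constructed sample input: the hex-escaped payload quoted in the report, exactly
# as it would arrive from the Promo Name form field (literal backslashes).
ENCODED_POC = (r"\x3C\x73\x63\x72\x69\x70\x74\x3E\x61\x6C\x65\x72\x74\x28\x27"
               r"\x70\x6F\x72\x75\x69\x6E\x27\x29\x3C\x2F\x73\x63\x72\x69\x70\x74\x3E")

# \xHH and \uHHHH escape sequences, as a JavaScript engine decodes them.
_ECMA_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})|\\u([0-9A-Fa-f]{4})")

# Hypothetical stand-in for an allowlist HTML sanitizer: keep a few formatting
# tags, drop every other tag. The real project delegates to a sanitizer library.
_ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br"}
_TAG = re.compile(r"</?([A-Za-z][A-Za-z0-9]*)[^>]*>")


def unescape_ecmascript(value: str) -> str:
    """Decode EcmaScript \\xHH / \\uHHHH escapes; anything else is left untouched."""
    return _ECMA_ESCAPE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), value)


def sanitize(value: str) -> str:
    """Remove every tag that is not on the allowlist (simplified assumption)."""
    return _TAG.sub(lambda m: m.group(0) if m.group(1).lower() in _ALLOWED_TAGS else "",
                    value)


def check_string_for_html_safe(value: str, unescape_first: bool) -> bool:
    """Return True when the value survives sanitizing unchanged, i.e. counts as safe.

    unescape_first=False mirrors the pre-fix behaviour: only the raw string is
    checked, so an escaped "<script>" contains no '<' and passes.
    unescape_first=True decodes the escapes first, so the check sees the string
    as the page's JavaScript will interpret it once it is rendered.
    """
    candidate = unescape_ecmascript(value) if unescape_first else value
    return sanitize(candidate) == candidate


if __name__ == "__main__":
    print("decoded value   :", unescape_ecmascript(ENCODED_POC))
    print("pre-fix accepts :", check_string_for_html_safe(ENCODED_POC, False))
    print("post-fix accepts:", check_string_for_html_safe(ENCODED_POC, True))
```

The same decode-then-check order applies to any field that is later embedded in script context; a benign value such as a Windows path with `\x` that is not followed by two hex digits is left unchanged and still passes.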