You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ofbiz.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/03/14 07:46:00 UTC
[jira] [Commented] (OFBIZ-12584) Stored XSS in webappPath parameter from content/control/EditWebSite
[ https://issues.apache.org/jira/browse/OFBIZ-12584?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17506040#comment-17506040 ]
ASF subversion and git services commented on OFBIZ-12584:
---------------------------------------------------------
Commit 7482dc6966cfda0e8c3074d6c26be075a9ab1229 in ofbiz-framework's branch refs/heads/release18.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=7482dc6 ]
Fixed: Stored XSS in webappPath parameter from content/control/EditWebSite (OFBIZ-12584)
Adds "webappPath" token in deniedWebShellTokens to definitely fix this issue
Also adds "assign" token for possible future Freemarker exploits
> Stored XSS in webappPath parameter from content/control/EditWebSite
> -------------------------------------------------------------------
>
> Key: OFBIZ-12584
> URL: https://issues.apache.org/jira/browse/OFBIZ-12584
> Project: OFBiz
> Issue Type: Sub-task
> Components: content, framework/entity
> Affects Versions: 18.12.05
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: 18.12.06, 22.01.01
>
>
> A user with rights to modify and/or create websites may insert malicious HTML elements in
> the “webappPath” parameter from content/control/EditWebSite resulting in XSS.
> In order to trigger the XSS a victim needs to navigate to main page of the modified website (eg webpos or ecommerce) and interact with the malicious HTML elements (eg trigger the “onmouseover” event by navigating with the mouse over the “form” and/or “a” tags).
> Thanks to Matei "Mal" Badanoiu for reporting this post-auth vulnerabily
--
This message was sent by Atlassian Jira
(v8.20.1#820001)