Bug 1215030 (CVE-2015-3162)
Field | Value
---|---
Summary | HTML tags in recipe set comments are not escaped in the "edit comment" dialog
Product | [Retired] Beaker
Reporter | Dan Callaghan <dcallagh>
Component | general
Assignee | Dan Callaghan <dcallagh>
Status | CLOSED CURRENTRELEASE
QA Contact | tools-bugs <tools-bugs>
Severity | unspecified
Docs Contact | 
Priority | unspecified
Version | 19
CC | aigao, asaha, dcallagh, dowang, drewbinskyn, ebaak, huiwang, ineilsen, jskeoch, junichi.nomura, kueda, lzhuang, mjia, naoya.horiguchi, pen-test, rpotts, security-response-team, tatsu-ab1, tflink
Target Milestone | 20.1
Keywords | Patch, Security
Target Release | ---
Hardware | Unspecified
OS | Unspecified
Whiteboard | 
Fixed In Version | 
Doc Type | Bug Fix
Doc Text | 
Story Points | ---
Clone Of | 
Environment | 
Last Closed | 2015-05-08 04:06:03 UTC
Type | Bug
Regression | ---
Mount Type | ---
Documentation | ---
CRM | 
Verified Versions | 
Category | ---
oVirt Team | ---
RHEL 7.3 requirements from Atomic Host | 
Cloudforms Team | ---
Target Upstream Version | 
Embargoed | 
Bug Depends On | 
Bug Blocks | 1215894
Attachments | 
Description
Dan Callaghan
2015-04-24 07:23:48 UTC
Created attachment 1020005 [details]
proposed patch
Verified this issue. The result is FAILED.
Version: Beaker 20.1.git.5.24dc482
Steps to Reproduce:
1. Submit a job, then cancel it
2. On the job page, ack or nack your job
3. Click "comment" and edit the comment to be: <script>alert('xss')</script>
Result: The script is still executed.

Ah yes, there is another one I missed... full steps to reproduce are:
1. Submit a job, then cancel it
2. On the job page, ack or nack your job
3. Click "comment"
4. Click "edit" and change the comment to: <script>alert('xss')</script>, then click "save"
5. Refresh the job page
6. Click "comment"
7. Click "edit"
Script is executed.

Created attachment 1021565 [details]
proposed patch v2

This patch addresses the other missed escaping, in the edit comment dialog. (Sigh, that code makes me very sad.)

Verified this issue. The result is PASS.
Version: Beaker 20.1.git.5.fd65027

Beaker 20.1 has been released.
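The defect in this bug is a stored comment being interpolated into the "edit comment" dialog's markup without escaping, after the display path had already been fixed. As an added illustration (not Beaker's code; the `renderEditDialog*` helpers and the sample comment are constructed for this example), here is the unsafe shape beside the corrected one, which escapes on every output path:

```javascript
// Added example, not Beaker's code: helper names and the sample comment are
// constructed. Shows why a stored comment must be HTML-escaped on every path
// that renders it, including the "edit comment" dialog.
// Escape the characters that can change HTML structure or close an attribute.
// This is the minimum for text placed in element content or a quoted attribute.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Inverse of escapeHtml, used only to show the user still sees their own text.
function unescapeHtml(html) {
  return String(html)
    .replace(/&#39;/g, "'")
    .replace(/&quot;/g, '"')
    .replace(/&gt;/g, '>')
    .replace(/&lt;/g, '<')
    .replace(/&amp;/g, '&');
}

// Vulnerable shape of the bug: the stored comment is interpolated raw into the
// dialog markup, so a "<script>" saved as a comment becomes a live element.
function renderEditDialogUnsafe(comment) {
  return '<div class="comment-edit">' +
         '<p class="current">' + comment + '</p>' +
         '<textarea name="comment">' + comment + '</textarea>' +
         '</div>';
}

// Hardened form: identical markup, with the comment escaped at every insertion
// point. Escaping "<" also defeats a "</textarea>" breakout from the textarea.
function renderEditDialogSafe(comment) {
  const safe = escapeHtml(comment);
  return '<div class="comment-edit">' +
         '<p class="current">' + safe + '</p>' +
         '<textarea name="comment">' + safe + '</textarea>' +
         '</div>';
}

// Check used below: does the markup contain a raw <script ...> or </script> tag?
function containsScriptTag(html) {
  return /<\/?script[\s>]/i.test(html);
}
// Constructed sample: the payload from the reproduction steps above.
const STORED_COMMENT = "<script>alert('xss')</script>";
```

The fix for this bug is of the second shape: the same dialog code, with escaping applied wherever the comment text enters the markup.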