Bug #11859: CVE-2015-5282 - Parameter hide/show checkbox allows stored XSS during textbox change - Foreman

Actions

Copy link

Bug #11859

closed

CVE-2015-5282 - Parameter hide/show checkbox allows stored XSS during textbox change

Added by Dominic Cleal over 8 years ago. Updated almost 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Shlomi Zadok

Category:

Security

Target version:

1.10.0

Difficulty:

Triaged:

Bugzilla link:

1268995

Pull request:

https://github.com/theforeman/foreman/pull/2736

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

We allow storage of key/value parameters globally or assigned to various objects, and using a tickbox in the UI the values can be hidden to mask them from casual viewing. The tickbox that hides/shows the value fails to handle HTML properly and so is vulnerable to an XSS issue where HTML can be stored in a parameter, and executed by another user if they later tick the hide/show box.

An example on the global parameters form is:

">&lt;script&gt;alert("hi")&lt;/script&gt;&lt;b c=&quot;

Store this in a parameter value, reload the page and click the "Hidden value" checkbox and the JavaScript will execute. The reverse is probably possible too.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Custom queries

Bug #11859

CVE-2015-5282 - Parameter hide/show checkbox allows stored XSS during textbox change

Updated by The Foreman Bot over 8 years ago

Updated by Dominic Cleal over 8 years ago

Updated by Dominic Cleal over 8 years ago

Updated by Shlomi Zadok over 8 years ago

Updated by Bryan Kearney over 8 years ago