Project

General

Profile

Bug #16020

Reflective XSS in Smart Variables

Added by Tomer Brisker over 3 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1364025
Description of problem:
Build: Satellite 6.2 snap 21.2

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Go to Smart Classes
2. Create a new variable for any class.
3. Select Array as datatype and default value as <script>alert(1)</script>
4. Select Optional Input validator and select list with [<script>alert(1)</script>] value

Actual results:
The script is run by the browser and input is not sanitized.

Expected results:
The user input should be sanitized and proper error should be thrown

Additional info:

Associated revisions

Revision cf0ce6d7 (diff)
Added by Tomer Brisker over 3 years ago

Fixes #16020 - Prevent reflective XSS on form validation

Error messages for various form fields were not properly escaped to
prevent HTML from being insert into them. This caused a possible
reflective XSS in smart class parameter/varaible default value
validations.

Revision 17b38a7c (diff)
Added by Tomer Brisker over 3 years ago

Fixes #16020 - Prevent reflective XSS on form validation

Error messages for various form fields were not properly escaped to
prevent HTML from being insert into them. This caused a possible
reflective XSS in smart class parameter/varaible default value
validations.

(cherry picked from commit cf0ce6d763014a0d637e402dc2266554b97beaa7)

History

#1 Updated by The Foreman Bot over 3 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3712 added

#2 Updated by Tomer Brisker over 3 years ago

  • Target version set to 1.7.1

#3 Updated by Tomer Brisker over 3 years ago

  • Priority changed from High to Normal

#4 Updated by Daniel Lobato Garcia over 3 years ago

  • Target version changed from 1.7.1 to 1.6.2

#5 Updated by Anonymous over 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#6 Updated by Dominic Cleal over 3 years ago

  • Legacy Backlogs Release (now unused) set to 175

Also available in: Atom PDF