      request #27173 XSS via the title of a document
    Infos
    #27173
    Nicolas Terray (nterray)
    2022-06-29 10:39
    2022-06-14 09:21
    28695
    Details
    XSS via the title of a document

    The title of a document is not properly escaped in the search results of the MyDocmanSearch widget.

    Impact

    A malicious user with the capability to create a document could force a victim to execute uncontrolled code.
    CVSSv3.1 score: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

    Exploitation

    The issue can be demonstrated by creating a document with title Foobar <script>alert(1)</script> and:

    • search for its id with the personal widget Document Id Search.
    • lock it and go to document administration » locked documents

    References

    CWE 79
    OWASP Cross-site Scripting
    CVE-2022-31063
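
The defect class described above (a stored title written into a result row without output encoding), shown next to the encoded form. This is an added example, not Tuleap's code: the function names, the row markup and the /docs/ path are hypothetical, and the title is the one from the Exploitation section.

```php
<?php
declare(strict_types=1);

// Added illustration, not Tuleap's code. All names and the row layout are hypothetical.

/** Encode a value for HTML element content or a quoted attribute value. */
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Before: the stored title is concatenated into the markup as-is. */
function render_result_unsafe(int $id, string $title): string
{
    return '<a href="/docs/' . $id . '" title="' . $title . '">' . $title . '</a>';
}

/** After: every use of the title is encoded at the point of output. */
function render_result_safe(int $id, string $title): string
{
    $t = esc($title);
    return '<a href="/docs/' . $id . '" title="' . $t . '">' . $t . '</a>';
}

/** Regression check: the row may contain no tag other than the template's own <a>. */
function only_template_tags(string $html): bool
{
    // Remove the single <a ...> and </a> the template writes; any "<" left came from data.
    $inner = (string) preg_replace('#^<a [^>]*>|</a>$#', '', $html);
    return strpos($inner, '<') === false;
}

// Title taken from the report's reproduction step.
$title = 'Foobar <script>alert(1)</script>';

foreach (['render_result_unsafe', 'render_result_safe'] as $render) {
    $html = $render(42, $title);
    $verdict = only_template_tags($html) ? 'OK' : 'INJECTED MARKUP';
    printf("%-22s %s\n  %s\n", $render, $verdict, $html);
}
```

The same check fits a unit test for any view that prints document titles, including the locked-documents list named in the second reproduction step.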

    Doc/Documentation manager
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Nicolas Terray (nterray)
    Closed
    2022-06-14
    Attachments
    Empty
    References
    Referencing request #27173
    Referenced by request #27173

    Artifact Tracker v5

    rel #25714 13.10

    Follow-ups

    Thomas Gerbet (tgerbet) 2022-06-14 17:20

    CVE-2022-31063 has been assigned to this issue.


    Thomas Gerbet (tgerbet) 2022-06-14 11:42

    Integrated into Tuleap 13.9.99.111.


    • Status changed from Under review to Closed
    • Connected artifacts
    • Close date set to 2022-06-14
    Thomas Gerbet (tgerbet) 2022-06-14 09:25