•  
      request #7755 Non persistent XSS and open redirect in redirect page
    Infos
    #7755
    Thomas Gerbet (tgerbet)
    2015-03-04 16:22
    2015-01-08 11:32
    7757
    Details
    Non persistent XSS and open redirect in redirect page

    Non persistent XSS could be injected in the redirection page (/my/redirect.php) via the parameter return_to. The same parameter allow an open redirection.

    Impact

    An attacker could use this vulnerability to force a victim to execute uncontrolled code or to redirect a victim to a untrusted website.

    CVSS2 score : 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

    Exploit

    XSS: <tuleap_url>/my/redirect.php?return_to=javascript:alert(1)
    Open redirect: <tuleap_url>/my/redirect.php?return_to=http://evil.tld

    References

    http://cwe.mitre.org/data/definitions/79.html
    https://cwe.mitre.org/data/definitions/601.htm

    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2015-01-19
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    Merged in Tuleap 7.9.99.38

    • Status changed from Under review to Closed
    • Close date set to 2015-01-19
    User avatar
    Thomas Gerbet (tgerbet)2015-01-13 10:22
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes