Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #9138 Persistent XSS via a tracker field label
    Actions
    Infos
    #9138
    Thomas Gerbet (tgerbet)
    2016-05-06 12:32
    2016-05-06 10:26
    9390
    Details
    Persistent XSS via a tracker field label

    A persistent XSS could be injected via a tracker field label.

    Impact

    An attacker who has the possibility to administrate a tracker could use this vulnerability to force a victim to execute uncontrolled code.
    CVSS3 score: 4.1 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N)

    Proof of concept

    Edit or create a tracker field and put this payload in the label:  onClick=alert(1) a=

    Now, go to an artifact in this tracker and edit the field you have edited or created. The XSS is trigerred.

    References

    https://cwe.mitre.org/data/definitions/79.html
    https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29

    Trackers
    8.14
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2016-05-06
    Attachments
    Artifact links
    Empty
    Empty
    References
    Referencing request #9138

    Artifact Tracker v5

    rel #8982 8.15

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/09/5609/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 8a7cbc71f6
    User avatar Marie Ange Garnier (marieange) , 2016-05-06 12:25
    request #9138: Persistent XSS via a tracker field label b5c0823672
    User avatar Thomas Gerbet (tgerbet) , 2016-05-06 10:30
    Referenced by request #9138

    Other

    gerrit #5609
    Display settings

    Follow-ups