      request #10854 XSS on pages where an Angular app can be loaded
    Infos
    #10854
    Thomas Gerbet (tgerbet)
    2017-12-11 13:12
    2017-11-24 15:26
    11079
    Details
    XSS on pages where an Angular app can be loaded

    XSS can be injected in the initialization data of Tuleap Angular apps.

    Impact

    An attacker could use this vulnerability to force a victim to execute uncontrolled code.
    CVSSv3 score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

    Exploitation

    Use the REST API to set your preference with the key agiledashboard_kanban_item_view_mode_<kanban_id> to something like ' + {{constructor.constructor('alert(1)')()}} then access the kanban with the ID <kanban_id>.
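The root cause described above is that a user-controlled preference value ends up in the initialization data of an AngularJS app, where `{{ }}` markers are interpolated as template code. The following is an added example, not Tuleap's own code, showing the defensive handling a practitioner would want on that path: allow-list validation of the view-mode preference, a detection check that flags raw values carrying interpolation markers, and JSON encoding of the init data that is safe to embed in a `<script type="application/json">` block. The allowed view-mode names and the kanban ids are hypothetical; the payload quoted in the report is used only as constructed sample input.

```javascript
// Added defensive example (not Tuleap code): treat a kanban item view-mode
// preference as untrusted input before it becomes Angular initialization data.

// Hypothetical allow-list; the real Tuleap view-mode values are not given on the page.
const ALLOWED_VIEW_MODES = ['compact-view', 'detailed-view'];
const DEFAULT_VIEW_MODE = 'compact-view';

// AngularJS interpolation markers. A raw value carrying these must never reach
// a compiled template or an interpolated attribute.
const INTERPOLATION_PATTERN = /\{\{|\}\}/;

// Detection: returns true when a stored preference looks like a template payload.
function containsInterpolationMarkers(value) {
  return typeof value === 'string' && INTERPOLATION_PATTERN.test(value);
}

// Allow-list validation: anything that is not a known view mode falls back to the default,
// so the attacker-controlled string is never copied into the page at all.
function sanitizeViewMode(rawPreference) {
  if (typeof rawPreference !== 'string') return DEFAULT_VIEW_MODE;
  return ALLOWED_VIEW_MODES.includes(rawPreference) ? rawPreference : DEFAULT_VIEW_MODE;
}

// Encode init data as JSON safe for a <script type="application/json"> block:
// '<', '>', '&' and the JS line separators become \uXXXX escapes, which JSON.parse
// still accepts, so the browser never sees a literal "</script>" or "<" in the payload.
// (Embedding inside an HTML attribute would additionally need attribute escaping.)
function encodeInitData(data) {
  return JSON.stringify(data).replace(/[<>&\u2028\u2029]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Build the init data for one kanban page from the stored preferences map.
// Returns the sanitized data, its encoded form, and audit findings on the raw value.
function buildKanbanInitData(kanbanId, preferences) {
  const key = `agiledashboard_kanban_item_view_mode_${kanbanId}`;
  const raw = preferences[key];
  const findings = [];
  if (containsInterpolationMarkers(raw)) {
    findings.push(`preference ${key} contains template interpolation markers`);
  }
  const init = { kanban_id: kanbanId, item_view_mode: sanitizeViewMode(raw) };
  return { init, encoded: encodeInitData(init), findings };
}

// Constructed sample: the payload quoted in the report stored for a hypothetical
// kanban 42, and a legitimate value stored for kanban 7.
const samplePreferences = {
  agiledashboard_kanban_item_view_mode_42: "' + {{constructor.constructor('alert(1)')()}}",
  agiledashboard_kanban_item_view_mode_7: 'detailed-view',
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(buildKanbanInitData(42, samplePreferences));
  console.log(buildKanbanInitData(7, samplePreferences));
}
```

The findings list is what a detection rule would log: a preference key of this family whose value contains `{{` or `}}` is a strong signal of an attempt against the page, regardless of whether the allow-list already neutralized it.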

    References

    CWE 79
    OWASP Cross-site Scripting

    Agile Dashboard
    Closed
    2017-11-27
    Follow-ups

    Thomas Gerbet (tgerbet) 2017-11-27 15:36
    All public repositories impacted by this issue have been fixed.

    • Status changed from Under review to Closed
    • Close date set to 2017-11-27
    Thomas Gerbet (tgerbet) 2017-11-24 16:45
    • Summary
      -XSS on pages where an Angular can be loaded 
      +XSS on pages where an Angular app can be loaded 
    Thomas Gerbet (tgerbet) 2017-11-24 16:40
    • Summary
      -XSS on pages where a kanban can be loaded 
      +XSS on pages where an Angular can be loaded 
    • Original Submission: only formatting changed
    Thomas Gerbet (tgerbet) 2017-11-24 16:03
    • Summary
      -Self-XSS on pages where a kanban can be loaded 
      +XSS on pages where a kanban can be loaded 
    • Original Submission: only formatting changed
    Thomas Gerbet (tgerbet) 2017-11-24 15:27
    • Original Submission: only formatting changed