    request #9500 Reflected XSS in the Subversion revisions browsing
    Infos
    #9500
    Thomas Gerbet (tgerbet)
    2016-10-17 11:34
    2016-09-16 14:21
    9768
    Details
    Reflected XSS in the Subversion revisions browsing

    A reflected XSS could be injected via the parameter _srch of the Subversion revisions browsing page.

    Impact

    An attacker could use this vulnerability to force a victim to execute uncontrolled code.
    CVSSv3 score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

    Exploitation

    Go to https://<tuleap_url>/svn/?func=browse&group_id=<project_id>&_srch=a+onfocus%3Dalert(1)+autofocus
    The JavaScript code will be executed once the page is loaded.
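    As an added example (not Tuleap's code), the pattern that lets the reported payload work beside the attribute-context escaping a fix needs, plus the double-encoding trap behind the French-label regression noted in the follow-ups. The `<input>` markup, the function names and the label string are assumptions, not taken from Tuleap's source.

```php
<?php
// Added example, not Tuleap code. Assumed: the revision browser renders _srch
// back into an <input value=...> and the French label is pre-encoded HTML.

// Vulnerable pattern: an unquoted attribute filled from the raw request parameter.
// The report's payload contains no quote character; it only needs a space to
// start new attributes, so onfocus= and autofocus become real attributes.
function render_search_vulnerable(string $label, string $srch): string
{
    return '<label>' . $label . '</label> '
        . '<input type="text" name="_srch" value=' . $srch . '>';
}

// Escape untrusted text for an HTML attribute: ENT_QUOTES handles both quote
// styles, ENT_SUBSTITUTE avoids returning an empty string on invalid UTF-8.
function escape_attr(string $untrusted): string
{
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Over-escaped fix: escaping the translated label as well double-encodes the
// entity it already contains, which is the literal "&nbsp;" French users saw.
function render_search_overescaped(string $label, string $srch): string
{
    return '<label>' . escape_attr($label) . '</label> '
        . '<input type="text" name="_srch" value="' . escape_attr($srch) . '">';
}

// Fixed: quote the attribute, escape only the untrusted parameter, and emit the
// already-encoded label as-is (htmlspecialchars with $double_encode = false is
// the alternative when the label's origin is not known at the call site).
function render_search_fixed(string $label, string $srch): string
{
    return '<label>' . $label . '</label> '
        . '<input type="text" name="_srch" value="' . escape_attr($srch) . '">';
}

$label   = 'Afficher les commits par&nbsp;:';           // constructed label
$payload = 'a onfocus=alert(1) autofocus';              // report's _srch, URL-decoded

echo render_search_vulnerable($label, $payload), "\n";  // extra attributes appear
echo render_search_overescaped($label, $payload), "\n"; // label entity is double-encoded
echo render_search_fixed($label, $payload), "\n";       // payload stays inside value=""
```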

    References

    https://cwe.mitre.org/data/definitions/79.html
    https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29

    Credit

    Thanks to Mehmet Ince from PRODAFT for having responsibly disclosed this vulnerability.

    SCM/Subversion
    Closed
    2016-09-19
    Connected artifacts: rel #9341 9.0

    Follow-ups

    Thomas Gerbet (tgerbet) 2016-09-23 16:39
    Add credit.

    Integrated into Tuleap 8.19.99.9.

    Thanks

    • Status changed from Under review to Closed
    • Close date set to 2016-09-19
    This introduced a regression. Entities appear when you browse in French (Afficher les commits par&nbsp;:).

    I reopen it so that you can fix it.

    • Status changed from Closed to Reopen
    • Close date cleared
    Integrated into Tuleap 8.19.99.5

    • Status changed from Under review to Closed
    • Connected artifacts
    • Close date set to 2016-09-19
    Thomas Gerbet (tgerbet) 2016-09-18 22:29