request #10849 XSS in reference tooltips

Infos

Artifact ID#10849

Submitted byThomas Gerbet (tgerbet)

Last Modified On2017-12-11 13:11

Submitted on2017-11-23 15:59

Rank11077

Details

Summary *

XSS in reference tooltips

Original Submission

XSS can injected in the reference tooltips.

Impact

An attacker could use this vulnerability to force a victim to execute uncontrolled code.
CVSSv3 score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Exploitation

Create a release in a package named like <img src=a onerror=alert(1)> and reference this release somewhere else with a cross ref. Going hover the cross ref will trigger the XSS.

References

CWE 79
OWASP Cross-site Scripting

CategoryOther

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toEmpty

StatusClosed

Close date2017-11-28

Attachments

AttachmentsEmpty

References

Cross references

Referencing request #10849

Git commit

tuleap/tuleap/stable

Merge commit 'refs/changes/95/9995/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD f60b1025eb

Yannis ROSSETTO (rossettoy) , 2017-11-28 14:38

request #10849: XSS in reference tooltips a1a096d1e4

Thomas Gerbet (tgerbet) , 2017-11-23 16:30

Show items referenced by request #10849

Referenced by request #10849

Artifact Tracker v5

rel #10588 9.15

Other

Follow-ups

Yannis ROSSETTO (rossettoy)

2017-11-28 14:39

Integrated into Tuleap 9.14.99.124

Status changed from Under review to Closed
Connected artifacts
- Added Fixed in: rel #10588
Close date set to 2017-11-28

Thomas Gerbet (tgerbet)

2017-11-23 16:31

A patch is under review: gerrit #9995.

Status changed from Under implementation to Under review