•  
      request #35143 XSS on the edition page of a release
    Infos
    #35143
    Thomas Gerbet (tgerbet)
    2023-12-11 09:13
    2023-11-23 11:57
    36746
    Details
    XSS on the edition page of a release

    The name of the releases are not properly escaped on the edition page of a release

    Impact

    A malicious user with the ability to create a FRS release could force a victim having write permissions in the FRS to execute uncontrolled code.
    CVSSv3.1 score: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

    Exploitation

    1. Create a release named "></select><img src=a onerror=alert(1)>
    2. Edit another release

    References

    CWE 79
    OWASP Cross-site Scripting
    CVE-2023-48715

    Acknowledgements

    This issue was identified thanks to Psalm taint analysis.

    Delivery/File release system
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2023-11-24
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2023-12-11 09:13

    Public disclosure.

    CVE-2023-48715 was assigned to this issue.


    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes