There is one XSS(stored) vulnerability that can get Cookies from other account

[zzzskd]

There exists XSS(stored) vulnerability in Rich Text Box.

The vulnerability replication process is as follows：

1. Capture packets when you add picture through Rich Text Box.
2. Then, change raw data into <img src="a" onerror="alert(document.cookie)" />.
3. After successful saving，users' cookies will pop up.

[easysoft]

Thank you for your feedback. We will fix it in the next release.

[NicoleG25]

@easysoft was this issue ever addressed? Please note that CVE-2019-14731 was assigned to this issue. If it was addressed could you kindly point me to the fixing commit ? Thanks in advance !

[reneeteng]

Hello Nicole. This is Renee from EasySoft and I'm writing to talk about the vulnerability issue. Can I have your email to contact you? Mine is renee@easycorp.ltd.

---

From: Nicole notifications@github.com Sent: Wednesday, April 22, 2020 19:32 To: easysoft/zentaopms zentaopms@noreply.github.com Cc: Subscribed subscribed@noreply.github.com Subject: Re: [easysoft/zentaopms] There is one XSS(stored) vulnerability that can get Cookies from other account (#35)

@easysofthttps://github.com/easysoft was this issue ever addressed? Please note that CVE-2019-14731https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14731 was assigned to this issue. If it was addressed could you kindly point me to the fixing commit ? Thanks in advance !

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/easysoft/zentaopms/issues/35#issuecomment-617721450, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AEAFXV7MXUI4YXD6HUPJUZTRN3IVZANCNFSM4IJMDS7A.

[0x10f2c]

Just trying to understand if this issue was resolved as this still seems to execute?

[reneeteng]

Just trying to understand if this issue was resolved as this still seems to execute?

Yes, this is resolved in 11.6.1.