Closed ClevenL closed 1 year ago
What would be a solution to redirect the path to content?
The /content endpoint was introduced in the last release (12.0.0), so I would say: keep your deployment up to date :)
Is 3.1.2-3 from Debian bullseye (= current stable) also affected?

@mgautierfr Do you mean this bug is fixed or inoperative in the latest version of kiwix-serve?
There was a (unknown at the time) bug in the previous version where we were vulnerable to XSS injection. With the introduction of the js viewer we have "fixed" this issue, as we now correctly "sanitize" the input.
The fix is not especially related to the js viewer. It is just that we have done things better when coding the /content endpoint.
Sorry for being a bit vague. I have identified some deployments of Kiwix that do not redirect an arbitrary path to the content path and are therefore vulnerable to XSS injection. A deployment like this would trigger an XSS with e.g. the payload:
https://kiwix.example.domain/%22%3E%3Cimg%20src=X%20onerror=alert(1)%3E
https://library.kiwix.org/%22%3E%3Cimg%20src=X%20onerror=alert(1)%3E
library.kiwix.org redirects correctly to the content path, where the input is correctly sanitized: https://library.kiwix.org/content/%22%3E%3Cimg%20src=X%20onerror=alert(1)%3E
What would be a solution to redirect the path to content? Is there a missing configuration? Since I have identified several deployments with this kind of issue, the deployment process might need updating to avoid the misconfiguration.
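The thread describes two things a deployment relies on: the /content handler HTML-escaping whatever path it reflects into its response, and a front-end rule that sends any other path to /content so that the escaping handler is the one answering. The following is an added, self-contained Python illustration of that mechanism; it is not kiwix-serve code and the handler, redirect rule and check function are hypothetical. It renders a constructed not-found page both the unsafe way (raw path reflected) and the hardened way (path escaped with html.escape), applies a simple redirect-to-/content rule, and includes a small defender-side check that flags a response which echoes the raw path unescaped. The sample path is the URL-decoded form of the payload quoted above.

```python
import html
from urllib.parse import unquote

# Constructed sample: the percent-encoded path from the thread, and its decoded form.
SAMPLE_RAW_TARGET = "/%22%3E%3Cimg%20src=X%20onerror=alert(1)%3E"
SAMPLE_PATH = unquote(SAMPLE_RAW_TARGET)

NOT_FOUND_TEMPLATE = '<html><body><p>The requested path "{path}" was not found.</p></body></html>'


def render_not_found_unsafe(path: str) -> str:
    """Hypothetical 'before' behaviour: the requested path is reflected into HTML as-is."""
    return NOT_FOUND_TEMPLATE.format(path=path)


def render_not_found_safe(path: str) -> str:
    """Hardened variant: HTML-escape the path (including quotes) before embedding it."""
    return NOT_FOUND_TEMPLATE.format(path=html.escape(path, quote=True))


def redirect_to_content(raw_target: str) -> str:
    """Hypothetical front-end rule: map any path outside /content onto /content/...

    Works on the still percent-encoded request target, which is what belongs in a
    Location header; decoding and escaping are left to the /content handler.
    """
    if raw_target == "/content" or raw_target.startswith("/content/"):
        return raw_target
    return "/content" + raw_target


def reflects_raw_markup(response_html: str, requested_path: str) -> bool:
    """Defender-side check: True if the decoded path contains HTML-significant
    characters and the response echoes it back without escaping them."""
    dangerous = any(ch in requested_path for ch in '<>"\'')
    return dangerous and requested_path in response_html


if __name__ == "__main__":
    for name, render in (("unsafe", render_not_found_unsafe), ("safe", render_not_found_safe)):
        body = render(SAMPLE_PATH)
        print(f"{name}: reflects raw markup = {reflects_raw_markup(body, SAMPLE_PATH)}")
    print("redirect:", redirect_to_content(SAMPLE_RAW_TARGET))
```

Run stand-alone it reports the unsafe renderer as reflecting the markup and the hardened one as not, and shows the redirect target under /content; the same check can be pointed at a saved not-found response from a real deployment to confirm which behaviour it exhibits.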