Besides other quip reply parameters not being filtered correctly, the comment text field has an XSS vulnerability. I could hack a whole MODX website with the quip comment vulnerability. Requirements for a successful attack: view the comment from the MODX manager.
I cannot post all the details before a fix, or this will leave all MODX sites using quip exposed.
In "quip.class.php", the "cleanse" function needs a lot of work.
Temporary workaround:
Uncomment line 453 in quip.class.php and add the line below as the first line of code in the function:
$body = preg_replace('#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#iu', '$1>', $body);
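What the workaround pattern does to comment bodies, as an added example that is not part of the original report and not Quip's own code. The helper name `stripEventAttributes` and all sample strings are assumptions constructed for illustration; the example covers two side effects a maintainer should know before deploying the line: it also rewrites tags whose attribute value merely begins with "on", and with the `u` modifier `preg_replace()` returns `null` on invalid UTF-8.

```php
<?php
// Added illustration; not Quip's code. The pattern is the one from the report.
const EVENT_ATTR_PATTERN = '#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#iu';

/**
 * Hypothetical helper: apply the workaround pattern and fail closed.
 * With the /u modifier preg_replace() returns null on invalid UTF-8,
 * so the result must be checked before it is stored or rendered.
 */
function stripEventAttributes(string $body): string
{
    $clean = preg_replace(EVENT_ATTR_PATTERN, '$1>', $body);
    if ($clean === null) {
        // Reject the comment rather than fall back to the unfiltered input.
        throw new InvalidArgumentException(
            'comment rejected, PCRE error code ' . preg_last_error()
        );
    }
    return $clean;
}

// Constructed sample comment bodies.
$samples = [
    'handler attribute'        => '<img src="a.png" onmouseover="doSomething()" alt="x">',
    'xmlns attribute'          => '<svg xmlns="http://www.w3.org/2000/svg" width="10">',
    'no attributes of concern' => '<b class="note">hello</b>',
    // Side effect: a value that merely starts with "on" after a quote also matches.
    'value starting with on'   => '<a href="one.html">first page</a>',
    // \xC3\x28 is not a valid UTF-8 sequence.
    'invalid UTF-8'            => "<b title=\"\xC3\x28\">broken</b>",
];

foreach ($samples as $label => $body) {
    try {
        $result = stripEventAttributes($body);
        $status = $result === $body ? 'unchanged' : 'rewritten';
    } catch (InvalidArgumentException $e) {
        $result = '';
        $status = $e->getMessage();
    }
    printf("%-26s %-10s %s\n", $label, $status, $result);
}
```

The pattern drops everything from the first matching attribute to the end of the tag, so attributes that follow it in the same tag are removed as well.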