Open floyd-fuh opened 1 week ago
@fredericalpers I will check and fix it asap
@fredericalpers @floyd-fuh I have listed and checked the files that may have XSS and SQL Injection vulnerabilities in the table below, and I have updated the locations where XSS security errors may occur.
Please check and let me know your opinion. Thanks!
Thank you for fixing this, we will review this asap.
looks ok to me
You have two trivial reflected Cross-Site Scripting (XSS) issues that might have an impact or not, as I didn't test an attack vector/exploitability, e.g. I don't know if there is a trivial link-click exploit path (I simply didn't try because I don't even have this plugin installed anywhere). Nevertheless, I suggest you fix them:
https://github.com/onOffice-Web-Org/oo-wp-plugin/blob/45e3373226e18346c5770f47e74a717472f7c160/plugin/Gui/AdminPageFormSettingsBase.php#L764
and
https://github.com/onOffice-Web-Org/oo-wp-plugin/blob/45e3373226e18346c5770f47e74a717472f7c160/plugin/Gui/AdminPageSettingsBase.php#L176
Obviously if the URL GET parameter `id` is something like `?id="><script>alert(1)</script>` this will trigger the alert. Again, I didn't test it, there might be a hundred code paths that verify the `id` parameter to be numeric before this code is triggered - or not, I didn't check. As far as I saw you know what HTML output encoding is and means, so this should be trivial to fix.
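The pattern discussed in the comment above, as an added example that is not the plugin's own code (the linked lines were not inspected here): a hypothetical admin page that reflects the `id` GET parameter into a hidden form field. The function names, the field and the fallback `esc_attr()` definition are assumptions for a stand-alone run; inside WordPress the real `esc_attr()` and `absint()` helpers would be used instead.

```php
<?php
// Added example, not code from oo-wp-plugin. Hypothetical admin page that
// reflects the `id` GET parameter into a hidden form field.

// Outside WordPress (e.g. `php this_file.php` on the CLI) esc_attr() does not
// exist; this fallback encodes the same characters the WordPress helper does.
if (!function_exists('esc_attr')) {
    function esc_attr(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Vulnerable: the raw query parameter lands inside a double-quoted attribute.
// A value containing `">` closes the attribute and the tag, and whatever
// follows is parsed as new markup.
function render_hidden_id_vulnerable(array $get): string {
    $id = $get['id'] ?? '';
    return '<input type="hidden" name="id" value="' . $id . '">';
}

// Hardened, variant 1: encode on output. `"` becomes `&quot;` and `<` becomes
// `&lt;`, so the value cannot break out of the attribute. Works for any string.
function render_hidden_id_encoded(array $get): string {
    $id = $get['id'] ?? '';
    return '<input type="hidden" name="id" value="' . esc_attr($id) . '">';
}

// Hardened, variant 2: validate the type. If `id` is a record number, cast it;
// a non-numeric payload becomes 0 and is rejected. The output is still encoded
// so the page stays safe if the type check is ever relaxed (defence in depth).
function render_hidden_id_numeric(array $get): string {
    $id = (int) ($get['id'] ?? 0);   // WordPress code would typically use absint()
    if ($id <= 0) {
        return '';                   // no record selected: render nothing
    }
    return '<input type="hidden" name="id" value="' . esc_attr((string) $id) . '">';
}

// Constructed request using the payload from the comment: ?id="><script>alert(1)</script>
$request = ['id' => '"><script>alert(1)</script>'];

echo "vulnerable: ", render_hidden_id_vulnerable($request), PHP_EOL;
// -> <input type="hidden" name="id" value=""><script>alert(1)</script>">
echo "encoded:    ", render_hidden_id_encoded($request), PHP_EOL;
// -> <input type="hidden" name="id" value="&quot;&gt;&lt;script&gt;alert(1)&lt;/script&gt;">
echo "numeric:    ", render_hidden_id_numeric($request), PHP_EOL;
// -> (empty string; the payload is not a positive integer)
```

Which variant applies depends on what `id` is meant to be: an integer record key should be validated as such (variant 2), while any value that is legitimately free text needs the attribute encoding of variant 1. The two are not alternatives; encoding at the output point is the baseline, and the type check is an extra layer.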