sonata-project / SonataPageBundle

This bundle provides a Site and Page management through container and block services
https://docs.sonata-project.org/projects/SonataPageBundle
MIT License
219 stars 209 forks

XSS possibility in Page Blocks - Block Name JavaScript #1007

Closed fafiebig closed 4 years ago

fafiebig commented 6 years ago

Sonata packages

sonata-project/admin-bundle              3.23.0             3.38.3          The missing Symfony Admin Generator
sonata-project/block-bundle              3.3.2              3.12.1          Symfony SonataBlockBundle
sonata-project/cache                     1.0.7              1.0.7           Cache library
sonata-project/cache-bundle              2.3.1              2.4.2           This bundle provides caching services
sonata-project/classification-bundle     3.3.1              3.7.1           Symfony SonataClassificationBundle
sonata-project/core-bundle               3.4.0              3.11.2          Symfony SonataCoreBundle
sonata-project/datagrid-bundle           2.2.1              2.3.1           Symfony SonataDatagridBundle
sonata-project/doctrine-extensions       1.0.2              1.0.2           Doctrine2 behavioral extensions
sonata-project/doctrine-orm-admin-bundle 3.1.7              3.6.1           Symfony Sonata / Integrate Doctrine ORM into the SonataAdminBundle
sonata-project/easy-extends-bundle       2.2.0              2.5.0           Symfony SonataEasyExtendsBundle
sonata-project/exporter                  1.7.1              1.9.1           Lightweight Exporter library
sonata-project/formatter-bundle          3.2.2              3.5.0           Symfony SonataFormatterBundle
sonata-project/intl-bundle               2.2.4              2.5.0           Symfony SonataIntlBundle
sonata-project/media-bundle              3.6.0              3.15.0          Symfony SonataMediaBundle
sonata-project/notification-bundle       3.2.0              3.5.1           Symfony SonataNotificationBundle
sonata-project/page-bundle               3.x-dev d66da16    3.x-dev d7bf24b This bundle provides a Site and Page management through container and block services
sonata-project/seo-bundle                2.2.0              2.6.0           Symfony SonataSeoBundle
sonata-project/timeline-bundle           3.1.1              3.3.1           Integrates SpyTimelineBundle into Sonata
sonata-project/translation-bundle        2.1.1              2.3.1           SonataTranslationBundle
sonata-project/user-bundle               dev-master fca7672 3.x-dev 9ce7143 Symfony SonataUserBundle

Symfony packages

symfony/monolog-bundle     v3.1.0 v3.3.0 Symfony MonologBundle
symfony/phpunit-bridge     v3.3.9 v4.1.4 Symfony PHPUnit Bridge
symfony/polyfill-apcu      v1.5.0 v1.9.0 Symfony polyfill backporting apcu_* functions to lower PHP versions
symfony/polyfill-intl-icu  v1.5.0 v1.9.0 Symfony polyfill for intl's ICU-related data and classes
symfony/polyfill-mbstring  v1.5.0 v1.9.0 Symfony polyfill for the Mbstring extension
symfony/polyfill-php56     v1.5.0 v1.9.0 Symfony polyfill backporting some PHP 5.6+ features to lower PHP versions
symfony/polyfill-php70     v1.5.0 v1.9.0 Symfony polyfill backporting some PHP 7.0+ features to lower PHP versions
symfony/polyfill-php72     v1.5.0 v1.9.0 Symfony polyfill backporting some PHP 7.2+ features to lower PHP versions
symfony/polyfill-util      v1.5.0 v1.9.0 Symfony utilities for portability of PHP codes
symfony/security-acl       v3.0.0 v3.0.1 Symfony Security Component - ACL (Access Control List)
symfony/swiftmailer-bundle v2.6.3 v3.2.3 Symfony SwiftmailerBundle
symfony/symfony            v3.3.6 v3.3.6 The Symfony PHP framework

PHP version

PHP 7.1.10 (cli) (built: Oct 10 2017 01:30:46) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.1.10, Copyright (c) 1999-2017, by Zend Technologies
    with Xdebug v2.6.0, Copyright (c) 2002-2018, by Derick Rethans

Subject

When using XSS code in the block name field in the page editor view, it will be executed by JavaScript.

Steps to reproduce

Add a new block into a container and enter

new blockname"><img src=x onerror=alert("XSS") /><span title="

into the block name field (top field of the new block) and store the block. Expand the block and the XSS will be executed.

Expected results

XSS code should not be executed (should be validated on store)
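The reported block name closes an HTML attribute and the tag around it. The following is an added example, not part of the original issue and not SonataPageBundle code: it compares concatenating a stored name into a `title` attribute with encoding it at output time, and adds a store-time check like the one the report asks for. The function names, the `block-name` markup and the 255-character limit are assumptions.

```javascript
// Added example: names and markup are hypothetical, not SonataPageBundle code.

// Constructed sample input: the block name quoted in the report above.
const REPORTED_NAME = 'new blockname"><img src=x onerror=alert("XSS") /><span title="';

// Encode the characters that can end an attribute value or open a tag.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Weak form: the stored name is concatenated straight into an attribute.
function renderHeaderUnsafe(name) {
  return '<span class="block-name" title="' + name + '"></span>';
}

// Hardened form: same markup, with the name encoded at output time.
function renderHeaderSafe(name) {
  return '<span class="block-name" title="' + escapeHtml(name) + '"></span>';
}

// Rough check: element names that start a tag in the rendered fragment.
function openedTags(html) {
  return Array.from(html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g), (m) => m[1].toLowerCase());
}

// Store-time check (second layer): reject markup-significant characters.
// Output encoding above is still required for names stored before this check.
function validateBlockName(name) {
  if (typeof name !== 'string' || name.trim() === '') return false;
  if (name.length > 255) return false; // assumed column limit
  return !/[<>"\u0000-\u001f]/.test(name);
}

console.log('unsafe opens:', openedTags(renderHeaderUnsafe(REPORTED_NAME)));
console.log('safe opens:  ', openedTags(renderHeaderSafe(REPORTED_NAME)));
console.log('accepted on store:', validateBlockName(REPORTED_NAME));
```

With the unencoded form the fragment gains an `img` element carrying an event handler; with encoding the whole name stays inside the `title` value.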

stale[bot] commented 4 years ago

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.