Closed Bug 463054 (WH-1628181) Opened 11 years ago Closed 10 years ago

XSS vulns on tiki-editpage.php

Categories

(support.mozilla.org :: Knowledge Base Software, task, critical)

task
Not set
critical

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: reed, Assigned: jsocol)

References

()

Details

(Keywords: wsec-xss, Whiteboard: tiki_fixed)

Attachments

(2 files)

Assignee: nobody → laura
Target Milestone: --- → 0.7.2
In r19584 I merged in the new anti-XSS code from tiki 2.0.  This seems to put the kibosh on this one, although I don't really like how it works.

Will be in prod branch soon when we replace it with trunk this iteration due to the svn re-org.
Status: NEW → RESOLVED
Closed: 11 years ago
Keywords: push-needed
Resolution: --- → FIXED
Group: websites-security
Group: websites-security
Sentinel still shows an open vector for:

http://support.mozilla.com/tiki-editpage.php?page=%3Cwhscheck%3E

I can confirm:

	<div class="feature-contents">
		<div id="breadcrumbs"><ul>
		<li><a href="/kb/">Firefox Support</a></li>
		                                                              <li class="divider">/</li><li><whscheck></li>
                                      
	</ul></div>
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Keywords: push-needed
This is a common file so it might close some of the others as well, will test.
Attachment #352325 - Flags: review?(nelson)
Target Milestone: 0.7.2 → 0.8
Attachment #352325 - Flags: review?(nelson) → review+
In trunk r20084, prod r20085.
Status: REOPENED → RESOLVED
Closed: 11 years ago11 years ago
Resolution: --- → FIXED
http://support.mozilla.com/tiki-editpage.php?page=%3Cwhscheck%3E from comment 2 WFM now; Verified FIXED.
Status: RESOLVED → VERIFIED
Whiteboard: tiki_triage
Depends on: 516631
Whiteboard: tiki_triage → tiki_fixed
Sentinel reopened this on the last pass... listing these two urls:

http://support.mozilla.com/tiki-editpage.php?locale="whscheck="whscheck&page=*Ostala%20Firefox%20podr%C5%A1ka&source_page=Other%20Firefox%20support&oldver=21&newver=23&diff_style=inlinediff-full

http://support.mozilla.com/tiki-editpage.php?locale="whscheck="whscheck&page=*Cannot%20connect%20after%20upgrading%20Firefox
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Looks like there were a couple of unescaped or incorrectly escaped variables. Fixed in both templates/styles/mozkb/tiki-editpage.tpl and templates/tiki-editpage.tpl.
Assignee: laura → james
Attachment #412030 - Flags: review?(morgamic)
Comment on attachment 412030 [details] [diff] [review]
tiki-editpage.tpl

escapes for me.  I don't see another hole.
Attachment #412030 - Flags: review?(morgamic) → review+
r56354.
Status: REOPENED → RESOLVED
Closed: 11 years ago10 years ago
Resolution: --- → FIXED
Target Milestone: 0.8 → 1.5
Verified FIXED:

Prod: <input type="hidden" name="locale" value=""whscheck="whscheck" />
Staging: <input type="hidden" name="locale" value="&quot;whscheck=&quot;whscheck" />

For both URLs in comment 6.
Status: RESOLVED → VERIFIED
Adding keywords to bugs for metrics, no action required.  Sorry about bugmail spam.
Keywords: wsec-xss
These bugs are all resolved, so I'm removing the security flag from them.
Group: websites-security
You need to log in before you can comment on or make changes to this bug.