Closed Bug 468623 (WH-1659711) Opened 17 years ago Closed 16 years ago

XSS vulns on tiki-view_forum_thread.php

Categories: support.mozilla.org :: Knowledge Base Software
Type: task
Priority: Not set
Severity: critical
Tracking: (Not tracked)
Status: VERIFIED FIXED
People: Reporter: reed, Assigned: jsocol
Details: Keywords: wsec-xss, Whiteboard: tiki_test
Attachments: 2 files

Target Milestone: --- → 0.8.1
Assignee: nobody → smirkingsisyphus
Escaped post footer and admin action links
Attachment #356873 - Flags: review?(laura)
Attachment #356873 - Flags: review?(laura) → review+
In trunk r21580, prod r21581.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Verified FIXED on staging, thanks!
Status: RESOLVED → VERIFIED
<div class="mini"> <a class="prevnext" href="/tiki-view_forum_thread.php?locale=en-US&amp;forumId=1&amp;comments_threshold="whscheck="whscheck()&amp;comments_parentId=2046&amp;comments_offset=0&amp;comments_per_page=20&amp;thread_style=commentStyle_plain">« Prev</a> <a class="prevnext" href="/tiki-view_forum_thread.php?locale=en-US&amp;forumId=1&amp;comments_threshold="whscheck="whscheck()&amp;comments_parentId=2046&amp;comments_offset=0&amp;comments_per_page=20&amp;thread_style=commentStyle_plain">1</a> <span class="current_page">2</span> <a class="prevnext" href="/tiki-view_forum_thread.php?locale=en-US&amp;forumId=1&amp;comments_threshold="whscheck="whscheck()&amp;comments_parentId=2046&amp;comments_offset=40&amp;comments_per_page=20&amp;thread_style=commentStyle_plain">3</a> <a class="prevnext" href="/tiki-view_forum_thread.php?locale=en-US&amp;forumId=1&amp;comments_threshold="whscheck="whscheck()&amp;comments_parentId=2046&amp;comments_offset=60&amp;comments_per_page=20&amp;thread_style=commentStyle_plain">4</a> <a class="prevnext" href="/tiki-view_forum_thread.php?locale=en-US&amp;forumId=1&amp;comments_threshold="whscheck="whscheck()&amp;comments_parentId=2046&amp;comments_offset=80&amp;comments_per_page=20&amp;thread_style=commentStyle_plain">5</a> <a class="prevnext" href="/tiki-view_forum_thread.php?locale=en-US&amp;forumId=1&amp;comments_threshold="whscheck="whscheck()&amp;comments_parentId=2046&amp;comments_offset=40&amp;comments_per_page=20&amp;thread_style=commentStyle_plain">Next »</a> </div>
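The pagination markup above shows the probe value `"whscheck="whscheck()` landing unchanged inside each href attribute, so the closing quote ends the attribute early and the rest of the value is parsed as new attributes. The following is an added example, not TikiWiki's code or anything attached to this bug: a minimal link builder in the vulnerable shape beside a hardened one that percent-encodes the query string and then HTML-escapes it for the attribute context, plus a check of the kind a scanner or a reviewer would apply. The function names and the parameter array are constructed for illustration; only the parameter names and the probe value come from the thread.

```php
<?php
// Added example, not TikiWiki's own code. Demonstrates why a reflected query
// parameter must be encoded for both the URL and the HTML attribute context.

// Vulnerable shape: raw values are concatenated into the href.
// A value containing a double quote terminates the attribute.
function build_link_vulnerable(array $params): string
{
    $pairs = [];
    foreach ($params as $key => $value) {
        $pairs[] = $key . '=' . $value; // no encoding at all
    }
    return '<a class="prevnext" href="/tiki-view_forum_thread.php?'
        . implode('&amp;', $pairs) . '">Next »</a>';
}

// Hardened shape: http_build_query() with PHP_QUERY_RFC3986 percent-encodes
// every key and value (" -> %22, = -> %3D, ( -> %28, ) -> %29), and
// htmlspecialchars() then escapes the result for the attribute (& -> &amp;).
function build_link_safe(array $params): string
{
    $query = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    return '<a class="prevnext" href="/tiki-view_forum_thread.php?'
        . htmlspecialchars($query, ENT_QUOTES, 'UTF-8') . '">Next »</a>';
}

// Reviewer/scanner-style check: does the probe survive unencoded in the output?
// A web scanner injects a marker like this and looks for it verbatim in the
// response; seeing it unencoded inside markup is what triggers the finding.
function probe_survives_unencoded(string $html): bool
{
    return strpos($html, '"whscheck=') !== false;
}

// Constructed input mirroring the parameters and probe value from the bug.
$params = [
    'locale'             => 'en-US',
    'forumId'            => '1',
    'comments_threshold' => '"whscheck="whscheck()',
    'comments_parentId'  => '2046',
    'comments_offset'    => '40',
    'comments_per_page'  => '20',
    'thread_style'       => 'commentStyle_plain',
];

$vulnerable = build_link_vulnerable($params);
$safe       = build_link_safe($params);

echo "vulnerable output leaks probe: "
    . (probe_survives_unencoded($vulnerable) ? 'yes' : 'no') . PHP_EOL;
echo "hardened output leaks probe:   "
    . (probe_survives_unencoded($safe) ? 'yes' : 'no') . PHP_EOL;
echo $safe . PHP_EOL;
```

The two encoding steps are deliberately separate: percent-encoding alone makes the value safe as a URL component, and HTML escaping alone makes it safe inside the attribute, but the href needs both, since the browser first parses the attribute and then interprets its contents as a URL. Applying only `htmlspecialchars()` would still leave characters such as `(` and `)` unencoded in the URL, which is the difference visible between the reflected markup above and the staging output recorded later in this bug.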
Assignee: smirkingsisyphus → reed
Status: REOPENED → ASSIGNED
Attachment #368846 - Flags: review?(smirkingsisyphus)
1.0 is frozen and going out tomorrow, 1.1 freezes tomorrow and goes out next week. Pushing to 1.1.
Target Milestone: 1.0 → 1.1
(In reply to comment #7)
> 1.0 is frozen and going out tomorrow, 1.1 freezes tomorrow and goes out next
> week. Pushing to 1.1.

Now that 1.0 is 0.9.5, does that mean 1.0 is going out next week? I would like this reviewed and pushed as soon as possible, especially considering how long the past ones have been delayed.
Target Milestone: 1.1 → 1.0
Attachment #368846 - Flags: review?(smirkingsisyphus) → review+
Comment on attachment 368846: Fix issue found in comment #4 along with other fixes - v1
Sorry for the delay. Looks good.
r23752/r23753
Status: ASSIGNED → RESOLVED
Closed: 17 years ago → 17 years ago
Resolution: --- → FIXED
Staging (http://support-stage.mozilla.org/tiki-view_forum_thread.php?locale=en-US&forumId=1&comments_threshold=%22whscheck=%22whscheck%28%29&comments_parentId=2046&comments_offset=20&comments_per_page=20&thread_style=commentStyle_plain):

<a class="prevnext" href="/tiki-view_forum_thread.php?locale=en-US&amp;forumId=1&amp;comments_threshold=%22whscheck%3D%22whscheck%28%29&amp;comments_parentId=2046&amp;comments_offset=0&amp;comments_per_page=20&amp;thread_style=commentStyle_plain">« Prev</a>

Verified FIXED
Status: RESOLVED → VERIFIED
Whiteboard: tiki_triage
Sentinel claims this vulnerability was re-introduced on 2009-09-28. Vulnerable URLs:

http://support.mozilla.com/tiki-view_forum_thread.php?forumId=1&comments_parentId=215839&comments_grandParentId=%22whscheck=%22whscheck&comments_reply_threadId=215839&comments_offset=0&forumId=1
https://support.mozilla.com/tiki-view_forum_thread.php?comments_parentId=463957&%22whscheck=%22whscheck&forumId=1
http://support.mozilla.com/tiki-view_forum_thread.php?forumId=1&comments_parentId=215839&comments_grandParentId=&comments_reply_threadId=%22whscheck=%22whscheck&comments_offset=0&forumId=1
http://support.mozilla.com/tiki-view_forum_thread.php?locale=en-US&forumId=3&%22whscheck=%22whscheck&comments_parentId=431655&watch_event=forum_post_thread&watch_object=431655&watch_action=add
https://support.mozilla.com/tiki-view_forum_thread.php?locale=%22whscheck=%22whscheck&comments_parentId=198326&forumId=1
https://support.mozilla.com/tiki-view_forum_thread.php?locale=%22whscheck=%22whscheck&forumId=1&comments_parentId=459192&watch_event=forum_post_thread&watch_object=459192&watch_action=add
https://support.mozilla.com/tiki-view_forum_thread.php?locale=en-US&forumId=1&comments_parentId=459192&watch_event=forum_post_thread&watch_object=459192&watch_action=%22whscheck=%22whscheck
https://support.mozilla.com/tiki-view_forum_thread.php?locale=en-US&forumId=1&comments_parentId=459192&watch_event=%22whscheck=%22whscheck&watch_object=459192&watch_action=add
https://support.mozilla.com/tiki-view_forum_thread.php?locale=en-US&forumId=1&comments_parentId=459192&watch_event=forum_post_thread&watch_object=%22whscheck=%22whscheck&watch_action=add
http://support.mozilla.com/tiki-view_forum_thread.php?locale=en-US&forumId=3&comments_parentId=431655&watch_event=forum_post_thread&watch_object=%22whscheck=%22whscheck&watch_action=add
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Assignee: reed → james
Target Milestone: 1.0 → ---
Target Milestone: --- → 1.5
We've had two releases since 2009-09-28 and a lot of these are looking closed--in several of them, I don't see "whscheck" in the output at all. Is there anything more up to date?
A WHS scan on 11/12 says this vulnerability is closed (see the XSS bugs in 1.4.2).
Status: REOPENED → RESOLVED
Closed: 17 years ago → 16 years ago
Resolution: --- → FIXED
Verified per comment 14 (James said he conferred with justdave).
Status: RESOLVED → VERIFIED
Whiteboard: tiki_triage → tiki_test
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
These bugs are all resolved, so I'm removing the security flag from them.
Group: websites-security