https://bugs.documentfoundation.org/show_bug.cgi?id=146021
Bug ID: 146021
Summary: Js injection via reuse cookie
Product: LibreOffice
Version: 7.0.2.2 release
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: medium
Component: LibreOffice
Assignee: [email protected]
Reporter: [email protected]
Description:
JS and CSS can be injected into loleaflet.html via a cookie.
Steps to Reproduce:
1. Create a cookie like this: i18next=zh-CN</script><script>alert(1)</script>
2. Visit loleaflet.html: https://localhost/loleaflet/dist/loleaflet.html
Actual Results:
alert(1) executes
Expected Results:
alert(1) does not execute
Reproducible: Always
User Profile Reset: No
Additional Info:
LibreOffice Online
LOOLWSD
7.0.1 (git hash: ad175179)
Served by: 8e42134b
LOKit
LibreOffice 7.0.2.2.0
(git hash: bc99794)
"CentOS Linux 7 (Core)"
Copyright © 2021, root.