[ https://issues.apache.org/jira/browse/OFBIZ-12584?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17506040#comment-17506040 ]

ASF subversion and git services commented on OFBIZ-12584:
---------------------------------------------------------

Commit 7482dc6966cfda0e8c3074d6c26be075a9ab1229 in ofbiz-framework's branch refs/heads/release18.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=7482dc6 ]

Fixed: Stored XSS in webappPath parameter from content/control/EditWebSite 
(OFBIZ-12584)

Adds "webappPath" token in deniedWebShellTokens to definitely fix this issue

Also adds "assign" token for possible future Freemarker exploits


> Stored XSS in webappPath parameter from content/control/EditWebSite
> -------------------------------------------------------------------
>
>                 Key: OFBIZ-12584
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12584
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: content, framework/entity
>    Affects Versions: 18.12.05
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>             Fix For: 18.12.06, 22.01.01
>
>
> A user with rights to modify and/or create websites may insert malicious HTML
> elements in the “webappPath” parameter from content/control/EditWebSite,
> resulting in XSS.
> In order to trigger the XSS a victim needs to navigate to the main page of the
> modified website (e.g. webpos or ecommerce) and interact with the malicious
> HTML elements (e.g. trigger the “onmouseover” event by navigating with the
> mouse over the “form” and/or “a” tags).
> Thanks to Matei "Mal" Badanoiu for reporting this post-auth vulnerability
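As an added illustration (not OFBiz's own code and not its UtilCodec implementation), the Python below shows the shape of a denied-token check like the one the commit above extends. The DENIED_TOKENS tuple is a constructed subset holding only the two tokens the commit message names; the real OFBiz list is longer. The normalization step (bounded URL-decoding and HTML-unescaping before a case-insensitive match) is an assumption about how such a filter should behave so that encoded variants of a token are still caught, not a description of how OFBiz implements it. A denylist of this kind is a second line of defence; the primary control against stored XSS remains context-aware output encoding where the value is rendered.

```python
import html
from urllib.parse import unquote

# Constructed denylist: only the two tokens the commit message names.
# The real deniedWebShellTokens list in OFBiz is longer; this is illustrative.
DENIED_TOKENS = ("webappPath", "assign")


def normalize(value: str) -> str:
    """Undo the encodings a token could be wrapped in, then casefold.

    URL-decoding is repeated a bounded number of times so that double-encoded
    input (%2577 -> %77 -> w) is still unwrapped; HTML numeric/named entities
    are unescaped afterwards. Bounding the loop avoids a decode-forever loop.
    """
    current = value
    for _ in range(3):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return html.unescape(current).casefold()


def find_denied_tokens(value: str, denied=DENIED_TOKENS) -> list:
    """Return every denied token that appears in the normalized value."""
    text = normalize(value)
    return [token for token in denied if token.casefold() in text]


def validate_field(name: str, value: str) -> str:
    """Reject the submission if the value carries a denied token; otherwise
    return the value unchanged. This fails the request outright rather than
    trying to sanitize the value in place, which is the safer behaviour for
    a denylist filter."""
    hits = find_denied_tokens(value)
    if hits:
        raise ValueError(f"field {name!r} contains denied token(s): {hits}")
    return value


if __name__ == "__main__":
    # Constructed sample inputs: one benign path plus encoded/cased variants.
    for sample in ("/ecommerce", "${WEBAPPPATH}", "%2577ebappPath", "<#assign x=1>"):
        print(f"{sample!r:22} -> {find_denied_tokens(sample)}")
```

Running the block prints an empty list for the benign path and the matched token for each of the other constructed inputs; validate_field would be called from the request handler with the field name and submitted value, and any ValueError mapped to a rejected request.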



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
