Opened 2 years ago

Closed 2 years ago

#1488613 closed Bugs (fixed)

XSS Issues

Reported by: NightRanger
Owned by:
Priority: 1 - Highest
Milestone: 0.8.1
Component: Security
Version: 0.8.0
Severity: major
Keywords: XSS
Cc: shai@…

Description

  1. Description: Stored XSS in e-mail body.

Send an HTML-formatted email to the victim with the following HTML code: <a href=javascript:alert("XSS")>Click Me</a>.

You can also do this from the WYSIWYG editor by creating a new link and, in the URL, inserting: javascript:alert("XSS").

The insert link function doesn't validate the URL properly.

Once the user clicks on the URL, the XSS should be triggered.

  2. Self XSS in e-mail body (Signature).

In order to trigger this XSS you should insert the payload: "><img src='1.jpg'onerror=javascript:alert("XSS")> into your signature:

Settings -> Identities -> Your Identity -> Signature

Now create a new mail; the XSS should be triggered.

Attachments (5)

1.jpg (176.8 KB) - added by NightRanger 2 years ago.
XSS in HREF
2.jpg (109.2 KB) - added by NightRanger 2 years ago.
Self XSS 1
3.jpg (107.6 KB) - added by NightRanger 2 years ago.
Self XSS 2

Change History (7)

Changed 2 years ago by NightRanger

XSS in HREF

Changed 2 years ago by NightRanger

Self XSS 1

Changed 2 years ago by NightRanger

Self XSS 2

comment:1 Changed 2 years ago by alec

  • Milestone changed from later to 0.8.1

comment:2 Changed 2 years ago by alec

  • Resolution set to fixed
  • Status changed from new to closed
  1. Fixed in c086978f6a91eacb339fd2976202fca9dad2ef32. For the record, the 1st was a regression in 0.8. The 2nd has lower severity, so I don't think we need to backport to 0.7.
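
An added example, not part of the ticket and not the project's fix: validating a link URL against a scheme allowlist before it reaches an href, and escaping signature text before it is placed into the compose body. Function names are hypothetical, and the signature is assumed to be plain text.

```javascript
// Added example: hypothetical helper names; not the project's code or its fix.

// Schemes a mail client can reasonably let a user click through to.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// Return a normalized absolute URL, or null if the link must be dropped.
// Parsing with the WHATWG URL class instead of a regex means the scheme is
// read the way a browser reads it: surrounding whitespace/control characters
// are stripped, embedded tab/CR/LF are removed, and the scheme is lowercased.
function safeHref(raw) {
  if (typeof raw !== 'string') return null;
  let url;
  try {
    url = new URL(raw); // no base: relative links have no meaning in a mail body
  } catch {
    return null;
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Escape text for use in HTML element content or a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Build the anchor. A rejected URL degrades to the escaped label only.
function renderLink(href, label) {
  const safe = safeHref(href);
  const text = escapeHtml(label);
  if (safe === null) return text;
  return `<a href="${escapeHtml(safe)}" rel="noopener noreferrer">${text}</a>`;
}

// Inputs quoted from the ticket, plus constructed benign samples.
const samples = [
  'javascript:alert("XSS")',     // from the ticket: rejected
  'https://example.com/a?b=1',   // constructed: kept
  'mailto:user@example.com',     // constructed: kept
];
for (const s of samples) console.log(JSON.stringify(s), '->', renderLink(s, 'Click Me'));

// Signature text from the ticket, rendered as inert text instead of markup.
console.log(escapeHtml(`"><img src='1.jpg'onerror=javascript:alert("XSS")>`));
```

The allowlist is the important design choice: any scheme not explicitly listed is dropped, so the check does not depend on enumerating dangerous schemes.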