Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

XSS vulnerability in comments (2.3.3-pl) #11

Open
minagerges opened this issue Sep 26, 2014 · 1 comment
Open

XSS vulnerability in comments (2.3.3-pl) #11

minagerges opened this issue Sep 26, 2014 · 1 comment

Comments

@minagerges
Copy link

Beside other quip reply parameters not being filtered correctly, the comment text field has XSS vulnerability. I could hack a whole modx website within quip comment vulnerability. Requirements for a successful attack: view the comment from the MODX manager.

I can not post all the details before a fix, or this will leave all MODX sites using quip exposed.

In "quip.class.php", "cleanse" function needs a lot of work.

Temporary workaround:
Uncomment line 453 in quip.class.php and add the below line as first code line in the function
$body = preg_replace('#(<[^>]+?[\x00-\x20"'])(?:on|xmlns)[^>]*+>#iu', '$1>', $body)
@minagerges minagerges changed the title XSS in comments XSS vulnerability in comments (2.3.3-pl) Sep 26, 2014
@vierkantemeter
Copy link

+1 Unbelievable this is not patched yet....

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vierkantemeter @minagerges