Joomla! Issue Tracker | Joomla! CMS #34264 - [4.0] potential xss jupdatecheck.es6.js

Closed
9 Jun 2021
Medium
Build: staging
# 34264

brianteeman
28 May 2021

Unsanitized input from data from a remote resource flows into innerHTML, where it is used to dynamically construct the HTML page on client side. This may result in a DOM Based Cross-Site Scripting attack

joomla-cms/build/media_source/plg_quickicon_joomlaupdate/js/jupdatecheck.es6.js

Line 18 in 818407d

span.innerHTML = text;

(reported in this repo as it is unreleased code following the advice of JSST)

brianteeman - open - 28 May 2021

joomla-cms-bot - change - 28 May 2021

Labels

Added: ?

joomla-cms-bot - labeled - 28 May 2021

brianteeman - change - 9 Jun 2021

Status	New	⇒	Closed
Closed_Date	0000-00-00 00:00:00	⇒	2021-06-09 13:00:05
Closed_By		⇒	brianteeman

brianteeman - close - 9 Jun 2021

brianteeman - comment - 9 Jun 2021

Closed see #34472

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#34264] - [4.0] potential xss jupdatecheck.es6.js

Add a Comment