Joomla! Issue Tracker | Joomla! CMS #34265 - [4.0] potential xss finder.es6.js

Closed
9 Jun 2021
Medium
Build: staging
# 34265

brianteeman
28 May 2021

Unsanitized input from data from a remote resource flows into innerHTML, where it is used to dynamically construct the HTML page on client side. This may result in a DOM Based Cross-Site Scripting attack

joomla-cms/build/media_source/com_finder/js/indexer.es6.js

Line 111 in f61b9ae

progressMessage.innerHTML = json.message;

(reported in this repo as it is unreleased code following the advice of JSST)

brianteeman - open - 28 May 2021

joomla-cms-bot - change - 28 May 2021

Labels

Added: ?

joomla-cms-bot - labeled - 28 May 2021

brianteeman - close - 9 Jun 2021

brianteeman - comment - 9 Jun 2021

Closed see #34472

brianteeman - change - 9 Jun 2021

Status	New	⇒	Closed
Closed_Date	0000-00-00 00:00:00	⇒	2021-06-09 12:59:56
Closed_By		⇒	brianteeman

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#34265] - [4.0] potential xss finder.es6.js

Add a Comment