brianteeman
28 May 2021

Unsanitized input from data from a remote resource flows into innerHTML, where it is used to dynamically construct the HTML page on client side. This may result in a DOM Based Cross-Site Scripting attack.

(reported in this repo as it is unreleased code following the advice of JSST)

brianteeman - open - 28 May 2021
joomla-cms-bot - change - 28 May 2021
Labels Added: ?
joomla-cms-bot - labeled - 28 May 2021
dgrammatiko - comment - 28 May 2021

Could use

 modal.innerHTML = Joomla.sanitizeHtml(message);

But there's a catch: the message needs to be HTML, not plain text (I have no clue what the message could be just by looking at the code). It could be mitigated with something like:

 modal.innerHTML = Joomla.sanitizeHtml(`<div>${message}</div>`); 

(IF there's a possibility of the message being plain text)

Also, this needs to be applied in all the instances of innerHTML where the data could be manipulated (e.g. server response, etc.)
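
The approach in the comment above, written as one helper to call at every innerHTML sink; this is an added example, not part of the thread or of Joomla's code. `setUntrustedHtml` and its `sanitize` parameter are hypothetical names, and in Joomla the sanitizer passed in would be the `Joomla.sanitizeHtml` mentioned above.

```javascript
// Added example. `setUntrustedHtml` is a hypothetical helper, not a Joomla API.
// `sanitize` is the page's HTML sanitizer (assumption: a function that takes
// an HTML string and returns a cleaned HTML string).
function setUntrustedHtml(el, message, sanitize) {
  // Server responses are not always strings (null, numbers, parsed JSON values).
  const text = message === null || message === undefined ? '' : String(message);

  // Fail closed: render as text, never as markup, when sanitizing is not possible.
  const asText = () => {
    el.textContent = text;
    return 'text';
  };

  if (typeof sanitize !== 'function') {
    return asText();
  }

  let clean;
  try {
    // Wrap in a <div> so the sanitizer always receives markup,
    // even when the message turns out to be plain text.
    clean = sanitize(`<div>${text}</div>`);
  } catch (err) {
    return asText();
  }

  if (typeof clean !== 'string') {
    return asText();
  }

  el.innerHTML = clean;
  return 'html';
}

// Browser usage (assumes a `modal` element and a parsed `response` object):
//   setUntrustedHtml(modal, response.message, (html) => Joomla.sanitizeHtml(html));
```

Routing every write through one function makes the remaining direct `innerHTML` assignments easy to find in review or with a lint rule.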

brianteeman - change - 9 Jun 2021
Status: New ⇒ Closed
Closed_Date: 0000-00-00 00:00:00 ⇒ 2021-06-09 12:59:49
Closed_By: brianteeman
brianteeman - close - 9 Jun 2021
brianteeman - comment - 9 Jun 2021

Closed, see #34472
