The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!
UserSpice   ›   Support Center   ›   UserSpice 4.3 and Below   ›   XSS security issue

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
XSS security issue
Caspar Leo
User
Joined: Feb 2017
Posts: 4

Reputation: 0
#1
04-03-2017, 12:50 PM
Hey,

noticed a XSS vulnerability in users/edit_profile.php on line 45:

$newBio = $_POST['bio'];
Should be: $newBio = Input::get('bio');

Otherwise we got some naked & public scripts in users bios
  Reply
mudmin
Lead Developer
*******
Joined: Dec 2015
Posts: 2,285

Reputation: 17
#2
04-03-2017, 03:10 PM
Yep! You are right. Thank you for this. I will get this on the todo list. THANK YOU!
  Reply
mudmin
Lead Developer
*******
Joined: Dec 2015
Posts: 2,285

Reputation: 17
#3
04-16-2017, 01:16 PM
Actually, I double checked this. The problem with using Input::get there is that it would strip out all your formatting and punctuation. You'll noticed that the data is sanitized as it's displayed on the profile.php instead...
$usbio = html_entity_decode($thatUser->bio);

The XSS vulnerability should be taken care of by the token check done in the validation on line 41 unless you're seeing something I'm not.

I could definitely be missing something here. Let me know what you think.

  Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)