U4-2022 - Cross Site Scripting Vulnerability in Umbraco 6

Created by Ahmed Sheipani 29 Mar 2013, 01:05:57 Updated by Sebastiaan Janssen 19 Apr 2013, 07:02:53

Umbraco 6.0.2 is vulnerable to XSS in the admin panel through URL manipulation. The following URLs will execute script:

http://site.com/umbraco/#content
http://site.com/umbraco/#media
http://site.com/umbraco/#settings
http://site.com/umbraco/#developer
http://site.com/umbraco/#users
http://site.com/umbraco/#members

Vulnerability impact is considered major.
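The pattern behind a report like this is a client-side router that reads the section name out of the URL fragment and puts it into the page. The following is an added illustration of that pattern, first in a form that trusts the fragment and then in a hardened form; it is not Umbraco's HistoryManager.js or any other Umbraco code. The section list, the markup, the function names and the sample fragments are assumptions made for the example. The hardened version checks for an empty fragment before matching, which is the edge case the comments on this issue mention (reading `.length` of a null regex match).

```javascript
// Added example: a hash-routed back-office section selector, written two ways.
// This is not Umbraco's HistoryManager.js; the section list, the markup and the
// function names are assumptions made for the illustration.

// Section names the back office knows about (the ones listed in the report).
const KNOWN_SECTIONS = ["content", "media", "settings", "developer", "users", "members"];

// Vulnerable form: whatever follows "#" in the URL is dropped straight into
// markup, so a crafted fragment becomes live HTML once this string is
// inserted into the document.
function renderSectionUnsafe(hash) {
  const section = hash.replace(/^#/, "");
  return '<li class="section" data-section="' + section + '">' + section + "</li>";
}

// Hardened form. Returns the validated section name, or null when the fragment
// is empty, malformed or not a known section.
function parseSectionHash(hash) {
  // Empty fragment first: an unguarded regex match on "" returns null, and
  // reading .length on that null is the TypeError mentioned in the comments.
  if (typeof hash !== "string" || hash === "" || hash === "#") return null;
  // Letters only: anything containing <, >, quotes or spaces fails here.
  const m = /^#([a-z]+)$/i.exec(hash);
  if (m === null) return null;
  const section = m[1].toLowerCase();
  // Allowlist: a well-formed but unknown section is still rejected.
  return KNOWN_SECTIONS.includes(section) ? section : null;
}

// Minimal HTML escaping as a second layer, so a future widening of the
// allowlist cannot turn the value into markup.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderSectionSafe(hash) {
  const section = parseSectionHash(hash);
  if (section === null) return "";
  const safe = escapeHtml(section);
  return '<li class="section" data-section="' + safe + '">' + safe + "</li>";
}

// Constructed sample fragments: some of the reported URLs, a payload, an
// unknown section and the empty-hash edge case.
const SAMPLE_HASHES = [
  "#content",
  "#media",
  "#Users",
  "",
  "#",
  "#<img src=x onerror=alert(1)>",
  "#nosuchsection",
];

// Runs every sample through the hardened parser; useful as a quick check that
// no input throws and that only known sections survive.
function demo() {
  return SAMPLE_HASHES.map((h) => ({ hash: h, section: parseSectionHash(h) }));
}
```

In a browser the inputs would come from `window.location.hash`; the parser is kept free of DOM access so it can be exercised offline. The allowlist does the real work, the escaping is there so that a value which somehow gets past it still cannot become markup, and the empty-string guard keeps a bare `/umbraco/` URL from throwing instead of routing to a default section.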

Comments

Sebastiaan Janssen 29 Mar 2013, 11:25:07

Thanks for the report and thank you for setting it to be visible by Core developers only!

I've assigned this to Shannon for him to take a look at.


Sebastiaan Janssen 29 Mar 2013, 20:33:57

Hey Shannon, the fix for this is throwing a JS error when there's no section name in the URL (Uncaught TypeError: Cannot read property 'length' of null HistoryManager.js:16). Be good to check if the hashvalue was empty first.


Shannon Deminick 29 Mar 2013, 23:38:56

Yeah must have been a previous revision you've tried as I've pushed a fix for that.


Priority: Major

Type: Bug

State: Fixed

Assignee: Shannon Deminick

Difficulty: Very Easy

Category: Security

Backwards Compatible: True

Fix Submitted:

Affected versions: 4.8.0, 4.9.0, 4.10.0, 4.11.0, 6.0.0, 4.9.1, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 6.0.1, 4.11.5, 6.0.2, 4.11.6, 6.0.3

Due in version: 6.0.4, 4.11.7

Sprint:

Story Points:

Cycle: