U4-9217 - Possible to insert malicious javascript in tags - XSS issue

Created by Sebastiaan Janssen 23 Nov 2016, 13:23:08 Updated by Sebastiaan Janssen 07 Dec 2016, 10:21:47

Tags: Unscheduled

Relates to: U4-9218

If you type the following into a tag: MaliciousTag<script>alert('malicious tag')</script> it will be accepted. The tag changes to just say MaliciousTag and the <script/> element seemingly disappears. The problem is that we still send the script tag to the database, so improper querying of the tags on the frontend could lead to XSS issues.
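An added example, not part of the original report and not Umbraco's code: a sketch of the two controls this issue calls for, rejecting markup before a tag is stored and HTML-encoding tags whenever the frontend renders them. The function names, the 200-character limit and the sample rows are assumptions made for illustration.

```javascript
// Added example: hypothetical helper names, not Umbraco APIs.

// Constructed sample: tag rows as they could sit in storage, including the
// value from the report that was accepted before the fix.
const STORED_TAGS = ["news", "MaliciousTag<script>alert('malicious tag')</script>"];

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Output encoding: applied every time a tag value is written into HTML.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation: run before the tag is persisted. Rejecting (rather than
// silently stripping) keeps what the editor sees identical to what is stored.
function validateTag(raw) {
  const tag = String(raw).trim();
  if (tag.length === 0 || tag.length > 200) { // 200 is an assumed limit
    return { ok: false, reason: "length" };
  }
  if (/[<>]/.test(tag)) {
    return { ok: false, reason: "markup" };
  }
  return { ok: true, tag };
}

// Frontend rendering that stays inert even if old rows still hold markup.
function renderTagList(tags) {
  const items = tags.map((t) => `<li>${encodeHtml(t)}</li>`);
  return `<ul class="tags">${items.join("")}</ul>`;
}

// The "improper querying" case from the report, for comparison: the stored
// value is concatenated into the page without encoding.
function renderTagListUnsafe(tags) {
  return `<ul class="tags">${tags.map((t) => `<li>${t}</li>`).join("")}</ul>`;
}

console.log(validateTag(STORED_TAGS[1])); // rejected: reason "markup"
console.log(renderTagList(STORED_TAGS));  // script element appears as text
```

Encoding on output is the control that protects templates reading rows saved before the fix; validation on save only stops new bad values from entering the database.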

Comments

Sebastiaan Janssen 23 Nov 2016, 13:39:35

Fixed in: https://github.com/umbraco/Umbraco-CMS/commit/47c8e6854ee2aafc99fa7fc0b7d901fc59020adb


Sebastiaan Janssen 05 Dec 2016, 07:30:51

Amended with this PR: https://github.com/umbraco/Umbraco-CMS/pull/1639/files


Priority: Normal

Type: Bug

State: Fixed

Assignee:

Difficulty: Normal

Category:

Backwards Compatible: True

Fix Submitted:

Affected versions:

Due in version: 7.5.5

Sprint: Sprint 47

Story Points:

Cycle: