Ticket #7672 (closed defect: fixed)

Opened 8 months ago

Last modified 8 months ago

Contributory XSS: possibility for injection in certain components

Reported by: Henri Sara Owned by: Henri Sara
Priority: critical Milestone: Vaadin 6.6.7
Component: Component Version: 6.6.6
Keywords: Cc:
Hours estimate: Hours done:
Depends on:
Workaround:
Affects release notes: no

Description (last modified by Henri Sara)

There are several minor (contributory) XSS injection points if, for example, a user is able to set the URL of an icon used in certain components. The following locations are affected:

  • Table icons
  • Action icons
  • Embedded flash parameters and browser URL
  • ComboBox icons, input prompt and suggestion item text in popup width calculation

  • Window icon
  • MenuBar icons

Exploiting most of these vulnerabilities requires, for example, that a user pastes attacker-written text into the application, or that the application developer uses user-entered strings as icon names or URLs.

These vulnerabilities were found by Wouter Coekaerts ( http://wouter.coekaerts.be) and in a security review following his analysis.
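The pattern behind the icon-URL items above, shown as an added illustration that is not Vaadin's own client-side code: a widget that builds its icon markup by concatenating the URL into an HTML string lets a user-controlled value close the src attribute and append an event-handler attribute, while escaping the value before it enters the attribute keeps it inside the quotes. The attacker URL, the escapeAttribute helper and the attributeNames check are all constructed for this example.

```javascript
// Added example (not Vaadin code). Demonstrates why a user-settable icon URL
// is an injection point when the client widget assembles HTML as a string,
// and the attribute escaping that closes it.

// Constructed attacker input: ends the src value and adds an event handler.
const PAYLOAD_URL = 'icons/ok.png" onerror="alert(1)';

// Unsafe pattern: the URL is dropped straight into a double-quoted attribute.
function iconHtmlUnsafe(url) {
  return '<img class="v-icon" src="' + url + '" alt="" />';
}

// Minimal HTML attribute/text escaper (constructed helper). The five characters
// that can terminate a quoted attribute or open a tag become entities.
function escapeAttribute(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, function (ch) { return map[ch]; });
}

// Hardened pattern: the same concatenation, but the value cannot leave the attribute.
function iconHtmlSafe(url) {
  return '<img class="v-icon" src="' + escapeAttribute(url) + '" alt="" />';
}

// Constructed check, not a real HTML parser: lists the attribute names a
// browser would see on a single well-formed tag. An injected handler shows
// up as an extra name such as "onerror".
function attributeNames(tagHtml) {
  const names = [];
  const re = /\s([A-Za-z-]+)="[^"]*"/g;
  let m;
  while ((m = re.exec(tagHtml)) !== null) {
    names.push(m[1]);
  }
  return names;
}

// Convenience: true when the rendered markup contains any on* handler attribute.
function hasEventHandler(tagHtml) {
  return attributeNames(tagHtml).some(function (n) { return /^on/i.test(n); });
}

// Stand-alone run: print both renderings for inspection.
console.log('unsafe:', iconHtmlUnsafe(PAYLOAD_URL), attributeNames(iconHtmlUnsafe(PAYLOAD_URL)));
console.log('safe:  ', iconHtmlSafe(PAYLOAD_URL), attributeNames(iconHtmlSafe(PAYLOAD_URL)));
```

The same escaping applies to the other items in the list (Flash parameters, the ComboBox input prompt and suggestion text used for width measurement): any server-supplied string that is concatenated into markup rather than assigned through a DOM property or text node needs to be escaped for the context it lands in.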

Change History

comment:1 Changed 8 months ago by Henri Sara

  • Status changed from new to closed
  • Resolution set to fixed

Reviewed by Leif, corrections from review applied.

comment:2 Changed 8 months ago by Henri Sara

  • Description modified