Opened 5 years ago

Last modified 3 years ago

#7672 released defect (fixed)

Contributory XSS: possibility for injection in certain components

Reported by: Henri Sara Owned by: Henri Sara
Priority: critical Milestone: Vaadin 6.6.7
Component: Component Version: 6.6.6
Keywords: Cc:
Depends on:
Workaround:
Verified:
Fv: no Pro Account: Mark as Priority

Description (last modified by Henri Sara)

There are several minor (contributory) XSS injection points if e.g. the user is able to set the URL of an icon used in certain components. The following locations are affected:

  • Table icons
  • Action icons
  • Embedded flash parameters and browser URL
  • ComboBox icons, input prompt and suggestion item text in popup width

calculation

  • Window icon
  • MenuBar icons

Exploiting most of these vulnerabilities requires e.g. that the user pastes snippets of attacker-written text to the application or the application developer uses user entered strings e.g. as icon names or URLs.

These vulnerabilities were found by Wouter Coekaerts (http://wouter.coekaerts.be) and in a security review following his analysis.

Change history (4)

comment:1 Changed 5 years ago by Henri Sara

  • Resolution set to fixed
  • Status changed from new to closed

Reviewed by Leif, corrections from review applied.

comment:2 Changed 5 years ago by Henri Sara

  • Description modified (diff)

comment:3 Changed 3 years ago by Artur Signell

  • Fv unset

comment:4 Changed 3 years ago by Artur Signell

  • Status changed from closed to released
Note: See TracTickets for help on using tickets.