Created attachment 238638: XSS in action

From the security inbox:

-- I Found Vulnerability Flaw (Xss) In "www.eclipse.org" exactly in "www.eclipse.org/downloads/" --

With a picture attachment. Based on the picture, it appears that the vulnerability manifests in the package filter.
Thanks Wayne for opening this bug.

I was able to reproduce this with: <img src=x onerror=prompt(0)>

We are using https://github.com/luis-almeida/filtrify for the package filter. I will need to open an issue on github once we have a fix.

I think this is only exploitable if the user types this himself in the text field.
I created this issue: https://github.com/luis-almeida/filtrify/issues/46
(In reply to Christopher Guindon from comment #1)
> I think this is only exploitable if the user type this himself in the text
> field.

Agreed. I think that this one is low-risk.
In follow up correspondence, the reporter asked to be named. Abderrazak Y3S discovered and reported this vulnerability.
(In reply to Wayne Beaton from comment #3)
> (In reply to Christopher Guindon from comment #1)
> > I think this is only exploitable if the user type this himself in the text
> > field.
>
> Agreed. I think that this one is low-risk.

Not to contradict you, but those looking for such exploits have no trouble typing into the field themselves ... or, using a "robo dialer" to do such typing. That's part of the point ... we need to cover the "unexpected" cases.

I'm not saying that makes it high risk ... but, just as risky as any other XSS exploit.
(In reply to David Williams from comment #5)
> (In reply to Wayne Beaton from comment #3)
> > (In reply to Christopher Guindon from comment #1)
> > > I think this is only exploitable if the user type this himself in the text
> > > field.
> >
> > Agreed. I think that this one is low-risk.
>
> Not to contradict you, but those looking for such exploits have no trouble
> typing into the field themselves ... or, using a "robo dialer" to do such
> typing. That's part of the point ... we need to cover the "unexpected"
> cases.
>
> I'm not saying that makes it high risk ... but, just as risky as any other
> XSS exploit.

I created a pull request to fix this.
https://github.com/luis-almeida/filtrify/pull/65

I added my commit to our downloads page. This should be fixed now.