mezzanine xss #1921

Open
deFming opened this issue Apr 23, 2019 · 2 comments

deFming commented Apr 23, 2019

Version: <=4.3.1
My English is not good, the report is translated by Google.
Recurring vulnerabilities:
Vulnerability url: http://127.0.0.1:8000/admin/blog/blogpost/add/
When adding a blog, use Burp Suite to capture the packet, and modify the title to `test<svg/onload=alert(1)>` and the content to `<svg>`.
Return to http://127.0.0.1:8000/blog/ to trigger the XSS.
The cause of the vulnerability is the `description_from_content` function of core/models.py, line 184, where the value of title is called, resulting in XSS.

kenbolton (Collaborator) commented

Is this what you are describing? https://nvd.nist.gov/vuln/detail/CVE-2018-16632

Resolved by stephenmcd/grappelli-safe@cb1d459

deFming commented Apr 24, 2019

> Is this what you are describing? https://nvd.nist.gov/vuln/detail/CVE-2018-16632
>
> Resolved by stephenmcd/grappelli-safe@cb1d459

No, not the same; the trigger point of this XSS is on line 112:
https://github.com/stephenmcd/mezzanine/blob/master/mezzanine/blog/templates/blog/blog_post_list.html line 112

jerivas added the bug label Sep 24, 2021
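
Added example, not part of the issue thread and not Mezzanine's own code: a simplified Python model of the data flow the report describes, where a description falls back to the post title and is then written into the listing page without escaping, next to a hardened fallback that escapes the title. The tag filter, the function names, the unescaped template output and the idea that the `<svg>` content is filtered down to an empty string are assumptions made for illustration.

```python
import html
import re

# Constructed allow-list; a stand-in for a real rich-text sanitizer (assumption).
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "br"}
TAG_RE = re.compile(r"<(/?)([a-zA-Z][a-zA-Z0-9]*)[^>]*>")


def _filter_tag(match):
    # Keep allowed tags (attributes dropped); remove every other tag.
    name = match.group(2).lower()
    return f"<{match.group(1)}{name}>" if name in ALLOWED_TAGS else ""


def sanitize_rich_text(content):
    """Toy filter applied to the content field only, never to the title."""
    return TAG_RE.sub(_filter_tag, content)


def description_vulnerable(title, content):
    """Filtered content, or the raw title when nothing is left."""
    return sanitize_rich_text(content).strip() or title


def description_hardened(title, content):
    """Same fallback, but the plain-text title is HTML-escaped first."""
    return sanitize_rich_text(content).strip() or html.escape(title)


def render_list_item(description):
    """Models a template that writes the description without autoescaping."""
    return '<div class="blog-list-detail">' + description + "</div>"


# Constructed sample input mirroring the values quoted in the report.
TITLE = "test<svg/onload=alert(1)>"
CONTENT = "<svg>"

if __name__ == "__main__":
    print(render_list_item(description_vulnerable(TITLE, CONTENT)))
    print(render_list_item(description_hardened(TITLE, CONTENT)))
    print(render_list_item(description_hardened("Hello", "<p>First <b>post</b></p>")))
```

The hardened variant leaves filtered rich-text content untouched and only escapes the value that was never meant to carry markup, so the listing output stays the same for ordinary posts.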