Page MenuHomePhabricator
Create Task
Maniphest T119118

style, class, linkstyle & linkclass parameters allow XSS
Closed, ResolvedPublic
Actions

Description

The WikiCategoryTagCloud extension doesn't properly validate the values of the aforementioned four XML-style extension parameters.

Proper fix is to call htmlspecialchars() with ENT_QUOTES as the 2nd param (class & linkclass parameters) or Sanitizer::checkCss() (linkstyle & style parameters).

Event Timeline

Maniphest changed the visibility from "Public (No Login Required)" to "Custom Policy".Nov 19 2015, 9:10 PM
Maniphest changed the edit policy from "All Users" to "Custom Policy".
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 19 2015, 9:10 PM
ashley created this task.Nov 19 2015, 9:10 PM
ashley claimed this task.
ashley triaged this task as Medium priority.
ashley updated the task description. (Show Details)
ashley added projects: WikiCategoryTagCloud, Vuln-XSS, acl*security.
ashley changed Security from None to Software security bug.
ashley edited subscribers, added: ashley, csteipp; removed: Aklapper.
ashley closed this task as Resolved.Nov 19 2015, 9:47 PM

Should be fixed in the great refactoring (version 1.3) of WikiCategoryTagCloud.

Legoktm changed the visibility from "Custom Policy" to "Public (No Login Required)".Nov 19 2015, 10:00 PM
Legoktm changed the edit policy from "Custom Policy" to "All Users".
Legoktm changed Security from Software security bug to None.
chasemp added a project: Security.Feb 10 2020, 10:59 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:17 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL