Opened 9 years ago
Closed 9 years ago
#14380 closed Bug (invalid)
XSS Vulnerability bug report
Reported by: | Balaji | Owned by: | |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | General | Version: | 4.5.7 |
Keywords: | | Cc: | |
Description
Steps to reproduce
- Go to the blog link http://ckeditor.com/blog/CKEditor-4.5.7-Released (well, you can choose any blog from your website).
- Go to the comment box and type the following XSS payload in the Name and comment box areas, then store it:
  `"/><svg/onload=prompt(1);>`
- After storing the comment you will see the stored XSS pop up.
- This is a great risk, since the malicious code is stored on the website using this editor. Now whoever comes to this page will become a victim of the XSS attack. Maybe the attacker can steal user account details or use other techniques.
Expected result
Actual result
POC = http://prntscr.com/a0762w
Other details (browser, OS, CKEditor version, installed plugins)
Attachments (2)
Change History (3)
Changed 9 years ago by
Attachment: | step 1.png added |
---|
Changed 9 years ago by
Attachment: | step 2.png added |
---|
comment:1 Changed 9 years ago by
Resolution: | → invalid |
---|---|
Status: | new → closed |
First of all, this is not the right place to report security issues. When creating a ticket, there is even a warning shown above the form:
In any case, your report is invalid as the issue had nothing to do with CKEditor. It was an error on the website: the "name" text input where you entered the user name with the XSS vector was incorrectly filtered before displaying it on the page. The "name" text input does not even have CKEditor enabled on it.
If you ever again find a security issue and you seriously care about other users: use the contact form, do not post it publicly before we fix the issue, publish a security release and notify users about it.
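The filtering gap described in comment:1, shown as an added example that is neither CKEditor code nor the website's code: a plain-text "name" value written into a page unescaped, next to the same output with HTML escaping applied. The function names and the `<span class="author">` markup are assumptions made for illustration; the name value is the one quoted in the ticket.

```javascript
// Added illustration; function names and markup are hypothetical.
const REPORTED_NAME = '"/><svg/onload=prompt(1);>'; // value quoted in the ticket

// Escape the characters that can end a text node or a quoted attribute.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before": the name is concatenated into an attribute and into element
// content as-is, so it can close the attribute and open new markup.
function renderAuthorUnsafe(name) {
  return `<span class="author" title="${name}">${name}</span>`;
}

// "After": the name is treated as plain text and escaped at output time.
// A rich-text editor on the comment body does not change this requirement,
// because the name field never passes through the editor.
function renderAuthorSafe(name) {
  const safe = escapeHtml(name);
  return `<span class="author" title="${safe}">${safe}</span>`;
}

// Crude regression check: list opening tags the template did not intend.
// It is a test helper for this template only, not an HTML sanitizer.
function injectedTags(html) {
  const allowed = new Set(['span']);
  return [...html.matchAll(/<([a-zA-Z][\w-]*)/g)]
    .map((m) => m[1].toLowerCase())
    .filter((tag) => !allowed.has(tag));
}

console.log('unsafe:', injectedTags(renderAuthorUnsafe(REPORTED_NAME)));
console.log('safe:  ', injectedTags(renderAuthorSafe(REPORTED_NAME)));
```

A check like `injectedTags` fits in a template unit test, so a field that is later added without escaping fails the build instead of reaching the page.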