Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#8859 closed bug (fixed)

Autocomplete: XSS in combobox demo

Reported by: DJtomy Owned by:
Priority: minor Milestone: 1.10.0
Component: ui.autocomplete Version:
Keywords: Cc:
Blocked by: Blocking:

Description

Hello, I would like to report a XSS vulnerability that I've found on your site.

Adress: http://jqueryui.com/autocomplete/#combobox

Steps to follow:

  1. enter in the textbox something like test><script>alert(document.cookie)</script>
  2. Press the Show All Items button or the Show underlying select button.

You'll see that the script is executed, which means that the autocomplete module makes the website vulnerable.

Even if the vulnerability might be useless in it's current context, it is a bad example for other webmasters that will fall into creating insecured websites folowing the on-site example. That's why I should this should be repaired as soon as possible.

Cheers!

Change History (5)

comment:1 Changed 7 years ago by Jörn Zaefferer

Component: ui.dialogui.autocomplete
Status: newopen
Summary: XSS in dialogAutocomplete: XSS in combobox demo

comment:2 Changed 7 years ago by Scott González

Resolution: fixed
Status: openclosed

Autocomplete demo: Combobox: Encode search term inside tooltips. Fixes #8859 - Autocomplete: XSS in combobox demo.

Changeset: 5fee6fd5000072ff32f2d65b6451f39af9e0e39e

comment:3 in reply to:  2 Changed 7 years ago by DJtomy

Replying to Scott González:

Autocomplete demo: Combobox: Encode search term inside tooltips. Fixes #8859 - Autocomplete: XSS in combobox demo.

Changeset: 5fee6fd5000072ff32f2d65b6451f39af9e0e39e

Just tested again, it is not fixed! XSS still working.

comment:4 Changed 7 years ago by mikesherov

DJTomy, the milestone is 1.10, which means it'll be fixed when that version is released.

comment:5 in reply to:  4 Changed 7 years ago by DJtomy

Replying to mikesherov:

DJTomy, the milestone is 1.10, which means it'll be fixed when that version is released.

I understand, my bad! Sorry for the trouble!

Note: See TracTickets for help on using tickets.