Comments (7)
And no one even replied to this? Amazing.
Pagekit is (almost) dead. I suggest heading over to biskuit cms (a Pagekit fork).
DOM-based cross-site scripting arises when a script writes controllable data into the HTML document in an unsafe way. An attacker may be able to use the vulnerability to construct a URL that, if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.
I don't see how this is possible. The field is filled either with content coming from the database or with content coming from the user currently visiting the page. Nothing is used from the URL.
Additionally, dupe of #815
DOM-based cross-site scripting arises when a script writes controllable data into the HTML document in an unsafe way. An attacker may be able to use the vulnerability to construct a URL that, if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.
I don't see how this is possible. The field is filled either with content coming from the database or with content coming from the user currently visiting the page. Nothing is used from the URL.
Additionally, dupe of #815
Well, it is literally explained in the OP how it works. If a logged-in user navigates to a purposely crafted URL, their session might get stolen. For example, by clicking the link in the comments. This is not something new.
Well, it is literally explained in the OP how it works. If a logged-in user navigates to a purposely crafted URL, their session might get stolen.
There is a generic explanation of how such attacks could work. However, it is not stated that this is always possible. In this specific scenario I don't see a possible attack. Nothing from the URL is passed to the textarea; the textarea is only filled by the user or from the server side. The user has to be logged in and have access to the admin panel (which should be granted to trusted users only).
However, I am open to being convinced of the opposite by a working example.
For example, by clicking the link in the comments.
User-entered content in the comments does not use this editor component and is additionally sanitized.
This is not something new.
The attack vector is not something new. But to be a threat, it is also required that it can be exploited. And in this particular scenario, I don't see a way to exploit it.
Have you inspected the example provided by OP? He managed to inject code into the DOM via a cross-site request.
P.S. PageKit development is dead anyway so yeah.
I just see a statement that if a textarea on the page is filled with a specific value, then this value is printed to the page. This is correct, as this is the design of an HTML editor. However, I don't see steps to reproduce this issue, so there is nothing I could check. I just see a code analysis from a tool, from which I don't get what I have to do to reproduce the issue.