View Issue Details

Related ChangesetsJump to NotesJump to History
This bug affects 1 person(s).
 262
IDProjectCategoryView StatusDate SubmittedLast Update
12234Bug reportsSecuritypublic2017-03-28 15:102019-04-04 15:27
ReporterDenisChenu Assigned ToDenisChenu  
PrioritynoneSeverityminor 
Status closedResolutionfixed 
Product Version2.06+ 
Fixed in Version2.06+ 
Summary12234: XSS in browse response
Description

Filename :<img onerror=alert(1) src=a>.png : browse + public part are broken

Additional Information

https://bugs.limesurvey.org/view.php?id=12225

TagsNo tags attached.
Attached Files
Capture du 2017-03-28 15-13-37.png (43,036 bytes)   
Capture du 2017-03-28 15-13-37.png (43,036 bytes)   
Bug heat262
Complete LimeSurvey version number (& build)2.6lts
I will donate to the project if issue is resolvedNo
Browsernot relevant
Database type & versionnot relevant
Server OS (if known)not relevant
Webserver software & version (if known)not relevant
PHP Versionnot relevant

Relationships

Relationship GraphDependency Graph
has duplicate 14737 closedDenisChenu XSS with file upload 

Users monitoring this issue

There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2017-03-28 16:28

developer   ~43356

Fix committed to 2.06lts branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=22514

Related Changesets

LimeSurvey: 2.06lts bfded0fb

2017-03-28 18:19

DenisChenu


Details Diff		 Fixed issue 12234: [security] XSS in browse response Affected Issues
12234
mod - application/controllers/admin/responses.php Diff File

LimeSurvey: 2.06lts 5abf08ff

2017-03-28 18:27

DenisChenu


Details Diff		 Fixed issue 12234: [security] XSS in upload files Affected Issues
12234
mod - scripts/modaldialog.js Diff File
mod - scripts/uploader.js Diff File

Issue History

Date Modified Username Field Change
2017-03-28 15:10 DenisChenu New Issue
2017-03-28 15:10 DenisChenu Status new => assigned
2017-03-28 15:10 DenisChenu Assigned To => DenisChenu
2017-03-28 15:12 DenisChenu View Status public => private
2017-03-28 15:14 DenisChenu File Added: Capture du 2017-03-28 15-13-37.png
2017-03-28 16:28 DenisChenu Changeset attached => LimeSurvey 2.06lts bfded0fb
2017-03-28 16:28 DenisChenu Changeset attached => LimeSurvey 2.06lts 5abf08ff
2017-03-28 16:28 DenisChenu Note Added: 43356
2017-03-28 16:28 DenisChenu Resolution open => fixed
2017-03-28 16:29 DenisChenu Status assigned => resolved
2017-03-28 16:29 DenisChenu Fixed in Version => 2.06+
2017-06-12 17:18 c_schmitz Status resolved => closed
2019-04-04 15:17 DenisChenu Relationship added has duplicate 14737
2019-04-04 15:27 DenisChenu View Status private => public