14634: XSS Attack Vector - KCFinder - LimeSurvey bugs and feature requests

This bug affects 1 person(s).

254

ID	Project	Category	View Status	Date Submitted	Last Update

14634	Bug reports	Security	public	2019-03-12 13:50	2019-04-02 16:39

Reporter	~~markusfluer~~	Assigned To	DenisChenu
Priority	none	Severity	partial_block
Status	closed	Resolution	fixed
Product Version	3.16.x
Fixed in Version	3.17.x

Summary	14634: XSS Attack Vector - KCFinder
Description	KCFinder has an open attack vector by get request: https://<domain>/third_party/kcfinder/upload.php?&CKEditorFuncNum=1-alert(1),2,3);}else{alert(document.domain);}if(true){//
Tags	No tags attached.

Bug heat	254
Complete LimeSurvey version number (& build)	3.16.0
I will donate to the project if issue is resolved	No
Browser
Database type & version	irrevelant
Server OS (if known)
Webserver software & version (if known)
PHP Version	irrevelant

User List	Mazi

Date Modified	Username	Field	Change
2019-03-12 13:50	~~markusfluer~~	New Issue
2019-03-22 16:00	DenisChenu	View Status	public => private
2019-03-22 18:58	DenisChenu	Note Added: 51100
2019-03-23 09:25	DenisChenu	Assigned To	=> DenisChenu
2019-03-23 09:25	DenisChenu	Status	new => assigned
2019-03-25 08:38	DenisChenu	Status	assigned => resolved
2019-03-25 08:38	DenisChenu	Resolution	open => fixed
2019-03-25 08:38	DenisChenu	Note Added: 51114
2019-03-25 08:38	DenisChenu	View Status	private => public
2019-03-25 08:41	DenisChenu	Fixed in Version	=> 3.16.x
2019-04-02 15:45	Mazi	Issue Monitored: Mazi
2019-04-02 16:39	ollehar	Status	resolved => closed
2019-04-02 16:39	ollehar	Fixed in Version	3.16.x => 3.17.x
2021-08-10 04:33	guest	Bug heat	252 => 254

DenisChenu 2019-03-22 18:58 developer ~51100	I have js alert : unknow error with this link

DenisChenu 2019-03-25 08:38 developer ~51114	https://github.com/LimeSurvey/LimeSurvey/commit/79ae17251261f2f21ec10e750a56da1ae22fb0fa