XSS Vulnerability Report

3 posts by 2 authors in: Forums > CMS Builder
Last Post: August 12   (RSS)

By dwellingproductions - August 10

Hi all! My client recently received a report of a potential XSS vulnerability related to the CMS Builder login page. I'm not sure if there's any validity to this or if it's anything to be concerned with, but I thought I'd reach out and get your advice. Here's the vulnerability report:

https://www.openbugbounty.org/reports/2613835/

It looks like they are inserting script tags in the URL. Perhaps there's a way to disallow this via the .htaccess file?

Any input is appreciated. :-)

Thanks in advance,
Jeremy

---------------------------

Dwelling Productions

www.dwellingproductions.com

By daniel - August 11

Hi Jeremy,

Thank you for bringing this to our attention!

As a short-term patch, you can update /cmsb/lib/init.php at line 649 from this:

alert(sprintf(t("Updating Program Url to: %s")."<br>\n", $SETTINGS['adminUrl']));

to this:

alert(sprintf(t("Updating Program Url to: %s")."<br>\n", htmlencode($SETTINGS['adminUrl'])));

This should - at a minimum - remove the XSS vulnerability reported, though we'll also be doing a review of some underlying factors and will release this and any additional security fixes in the next version of CMSB.

Let me know if you have any further questions!

Thanks again,

Daniel
Technical Lead
interactivetools.com