Cross-Site Scripting (XSS) on Wiki pages
Bug #1797927 reported by
Lorenzo Di Fuccia
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Documentation |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
I found this security issue on the Ubuntu Wiki pages (wiki.ubuntu.com).
The issue is a Reflected Cross-Site Scripting (XSS) from the URL path.
When you directly reach a page that does not exist, the Wiki will show you an error message reflecting what you searched.
The user-supplied input is not validated and escaped, so it lead to an arbitrary HTML and JavaScript code injection on the page.
Proof-of-Concept:
Reach the following page:
https:/
MITRE CWE: CWE-79 Type 1
OWASP Top 10 2017: A7 - Cross-Site Scripting (XSS)
information type: | Private Security → Public Security |
information type: | Public Security → Private Security |
To post a comment you must log in.
Thanks for your report.
I'm not able to reproduce the behavior, though. When I try to access a page which does not exist, it simply takes me to a page where I'm offered a URL to create it, for instance:
https:/ /wiki.ubuntu. com/notexists? action= edit
So can you please let us know which steps exactly you take to encounter the problem.