XSS issue in downloading file through webdav url

Description

Summary:
When downloading an HTML file with JavaScript content through the WebDAV link, the JavaScript is executed allowing for an XSS attack.

Steps to reproduce:

1) Upload the attached xss.html
2) Select the file and go to the information screen. On the right there are 3 links for downloading the file: "Download (0.1k) Get URL or WebDAV URL"
3) Click the WebDAV URL, and copy-paste that URL into a new tab in your browser
Note that the XSS popup is shown in the browser, instead of the file being downloaded as text.
When you click Get URL and use the given URL, the file is properly downloaded and not shown as HTML.
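The difference between the two links comes down to the response headers: the Get URL path forces a download, while the WebDAV path serves the stored file with its HTML content type inline, so the browser renders it and runs the script. The following is an added example, not code from the issue or from Liferay, showing a header policy for serving user-uploaded files plus a check that mirrors the reporter's test. Function names, the list of "active" content types and the sample filenames are assumptions for illustration.

```python
import mimetypes
import posixpath
import re
from typing import Dict, Mapping, Optional

# Content types a browser will render as a document and execute script in
# when they are served inline (assumed list; extend for your deployment).
ACTIVE_CONTENT_TYPES = {
    "text/html",
    "application/xhtml+xml",
    "image/svg+xml",
    "text/xml",
    "application/xml",
    "application/mathml+xml",
}


def _safe_filename(filename: str) -> str:
    """Strip path components and characters that could break the header."""
    name = posixpath.basename(filename.replace("\\", "/"))
    # Drop quotes, CR/LF and other control characters (header injection).
    return re.sub(r'["\r\n\x00-\x1f]', "_", name) or "download"


def download_headers(filename: str, declared_type: Optional[str] = None) -> Dict[str, str]:
    """Headers for returning a user-uploaded file from a download/WebDAV GET.

    Always forces a download and disables MIME sniffing; for types the
    browser would execute, the content type is replaced as well so a client
    that ignores Content-Disposition still gets an inert octet stream.
    """
    guessed, _ = mimetypes.guess_type(filename)
    content_type = declared_type or guessed or "application/octet-stream"
    base_type = content_type.split(";")[0].strip().lower()

    if base_type in ACTIVE_CONTENT_TYPES:
        content_type = "application/octet-stream"

    return {
        "Content-Type": content_type,
        "Content-Disposition": 'attachment; filename="%s"' % _safe_filename(filename),
        "X-Content-Type-Options": "nosniff",
    }


def inline_render_risk(headers: Mapping[str, str]) -> bool:
    """True when a response would render an uploaded file as an active document.

    This is the reporter's manual test expressed as a check: an HTML-like
    Content-Type without an 'attachment' disposition means the browser will
    show the page (and run its script) instead of saving the file.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    base_type = lowered.get("content-type", "").split(";")[0].strip().lower()
    disposition = lowered.get("content-disposition", "").strip().lower()
    return base_type in ACTIVE_CONTENT_TYPES and not disposition.startswith("attachment")


if __name__ == "__main__":
    # Constructed samples: the headers a vulnerable WebDAV GET would send
    # versus the headers this policy produces for the same file.
    vulnerable = {"Content-Type": "text/html; charset=UTF-8"}
    print("vulnerable response renders inline:", inline_render_risk(vulnerable))
    print("policy headers for xss.html:", download_headers("xss.html"))
    print("policy headers for report.pdf:", download_headers("report.pdf"))
```

`download_headers` is meant to be applied on every code path that returns stored file content (the plain download servlet and the WebDAV servlet alike), since the bug here was precisely that only one of the two paths forced a download; `inline_render_risk` can be run against captured response headers from each path as a regression check.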

Attachments

1 attachment (21 May 2012, 11:38 AM)

Activity


Samuel Kong, July 3, 2012 at 1:05 AM

Committed on:
Portal 6.1.x CE GIT ID: bc71cd89572ad346d5b5c2a0042b1ef721bd1ee8.

EdG, June 25, 2012 at 5:03 PM

Slated for inclusion in 6.1.1 CE GA2

Pani Gui, May 22, 2012 at 10:55 PM

PASSED Manual Testing following the steps in the description.

Reproduced on:
Tomcat 7.0 + MySQL 5. 6.1.10 EE GA1.

The XSS popup is shown in the browser.

Fixed on:
Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: 75eea5b6d07187864739026a062a8df59a8e293a.
Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: 1aed0c438672d4200851ba3b802764c2efe2c0b1.

The file is properly downloaded.

Status: Fixed

Details

Assignee

Reporter

Branch Version/s

6.1.x
6.0.x

Backported to Branch

Committed

Fix Priority

5

Priority

Zendesk Support

Created May 19, 2012 at 1:45 AM
Updated June 24, 2023 at 3:56 PM
Resolved April 20, 2015 at 12:11 PM