symphonycms/symphonycms

XSS vulnerability

3as0n opened this issue · 1 comment

3as0n commented

https://github.com/symphonycms/symphonycms/blob/master/symphony/content/content.blueprintsevents.php

```php
$about = General::array_map_recursive('stripslashes', $existing->about());
....
....
....
$this->appendSubheading(($isEditing ? $about['name'] : __('Untitled')));
....
....
....
```

```php
public function appendSubheading($value, $actions = null)
{
    if (!is_array($actions) && $actions) { // Backward compatibility
        $actions = array($actions);
    }

    if (!empty($actions)) {
        foreach ($actions as $a) {
            $this->insertAction($a);
        }
    }

    // $value is placed into the <h2> as given
    $this->Breadcrumbs->appendChild(new XMLElement('h2', $value, array('role' => 'heading', 'id' => 'symphony-subheading')));
}
```

Here data flows from $_POST to HTML, which allows an attacker to trigger an XSS with a payload like `fields['name']=a<script>alert(1)</script>`
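The pattern reported above, shown next to an encoded variant, as an added example that is not part of the original issue or of Symphony's code. `RawElement`, `subheading_unsafe()` and `subheading_safe()` are hypothetical names; `RawElement` is a stand-in that emits its value verbatim, assumed here to model the behaviour the issue describes. Requires PHP 8.

```php
<?php
// Stand-in element class (assumption, not Symphony's XMLElement): the value
// is written between the tags exactly as supplied.
final class RawElement
{
    public function __construct(
        private string $name,
        private string $value,
        private array $attributes = []
    ) {}

    public function generate(): string
    {
        $attrs = '';
        foreach ($this->attributes as $k => $v) {
            // Attribute values are always encoded in this stand-in.
            $attrs .= sprintf(' %s="%s"', $k, htmlspecialchars($v, ENT_QUOTES, 'UTF-8'));
        }
        return "<{$this->name}{$attrs}>{$this->value}</{$this->name}>";
    }
}

// Same shape as the call in the issue: the event name goes in as-is.
function subheading_unsafe(string $title): RawElement
{
    return new RawElement('h2', $title, ['role' => 'heading', 'id' => 'symphony-subheading']);
}

// Encode at the output boundary so the name is treated as text, never markup.
function subheading_safe(string $title): RawElement
{
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return new RawElement('h2', $encoded, ['role' => 'heading', 'id' => 'symphony-subheading']);
}

// Constructed input: the value quoted in the issue for fields['name'].
$name = 'a<script>alert(1)</script>';

$unsafe = subheading_unsafe($name)->generate();
$safe   = subheading_safe($name)->generate();
echo $unsafe, PHP_EOL, $safe, PHP_EOL;

// Regression check: the encoded heading must not contain a live tag.
if (str_contains($safe, '<script') || !str_contains($unsafe, '<script')) {
    throw new RuntimeException('unexpected encoding behaviour');
}
```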
