Описание
Reflected XSS when importing CSV in OctoberCMS
Impact
A user with the ability to use the import functionality of the ImportExportController behavior could be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question
Patches
Issue has been patched in Build 466 (v1.0.466).
Workarounds
Apply https://github.com/octobercms/october/commit/cd0b6a791f995d86071a024464c1702efc50f46c to your installation manually if unable to upgrade to Build 466.
References
Reported by Sivanesh Ashok
For more information
If you have any questions or comments about this advisory:
- Email us at hello@octobercms.com
Threat assessment:
Ссылки
- https://github.com/octobercms/october/security/advisories/GHSA-gg6x-xx78-448c
- https://nvd.nist.gov/vuln/detail/CVE-2020-5298
- https://github.com/octobercms/october/commit/cd0b6a791f995d86071a024464c1702efc50f46c
- http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html
- http://seclists.org/fulldisclosure/2020/Aug/2
Пакеты
october/backend
>= 1.0.319, < 1.0.466
1.0.466
Связанные уязвимости
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Issue has been patched in Build 466 (v1.0.466).