Fixed XSS stored on campaign delete button #2991
base: master
Conversation
Please remove any min.js files from this PR as they will be rebuilt at compile time. Also, minified js files cannot be audited in a reasonable amount of time and open the door for backdoors. We currently have our own fork and are starting to merge some PRs from here, so keep the code nice and clean. Btw. it's a good finding, you should consider requesting a CVE for this if it's still vulnerable.
😆 sorry for that, not removing the whole thing; just removing your changes.
only changes to campaigns.js should be in this PR - hope that makes sense
Implement code from pull gophish#2991, fixing XSS vulnerability
@msegoviag: checkout this PR: evait-security#6 - that is fixing the vuln. The min files will be created at build time and should only be pushed automatically by the maintainer
fix: Implement code from pull gophish#2991, fixing XSS vulnerability
Done, CVE requested :p CVE-2024-2211: https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-gophish-admin-panel
How to mitigate this risk, what to do (from a user, admin perspective) to avoid Cross-Site Scripting vulnerabilities?
This pull request fixes an XSS vulnerability stored in the campaign section. When creating a campaign named with JavaScript code, it is executed at the moment the campaign is deleted, as the text displayed in the campaign delete confirmation button does not implement proper sanitisation. The escapeHtml() method has been correctly implemented in campaigns.js to fix this vulnerability.
PoC:
https://youtu.be/UoVWliuAa6s
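As an added illustration (not gophish's own code), here is the pattern the PR describes: the campaign name concatenated raw into the delete-confirmation label, beside the same label built through an escapeHtml() helper, plus a check a reviewer can run over a rendered label. The helper, the label builders, containsHtmlTag() and the sample campaign name are all constructed for this example; gophish's own escapeHtml() lives in its app code and may be implemented differently.

```javascript
// Added example, not gophish's code: the delete-confirmation label built
// the vulnerable way (raw concatenation) and the fixed way (escaped first).
// The campaign name, the helper and the builders are constructed here.

// Replace the characters that can change HTML parsing with entities.
// This neutralises markup in any context that renders the label as HTML.
function escapeHtml(text) {
  const entities = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  };
  return String(text).replace(/[&<>"']/g, (c) => entities[c]);
}

// Vulnerable pattern: a user-controlled campaign name goes straight into a
// label that the dialog library interprets as HTML.
function confirmButtonTextVulnerable(campaign) {
  return 'Delete ' + campaign.name;
}

// Fixed pattern: escape the name before the label reaches the renderer.
function confirmButtonTextFixed(campaign) {
  return 'Delete ' + escapeHtml(campaign.name);
}

// Reviewer-side check: does a label still carry a raw HTML tag?
function containsHtmlTag(label) {
  return /<\s*\/?\s*[a-zA-Z][^>]*>/.test(label);
}

// Constructed campaign whose name carries markup, the shape of the report.
const sampleCampaign = { name: 'Q3 Phish <script>probe()</script>' };

// Stand-alone demonstration of both labels.
function demo() {
  const vulnerable = confirmButtonTextVulnerable(sampleCampaign);
  const fixed = confirmButtonTextFixed(sampleCampaign);
  console.log('vulnerable:', vulnerable, '| tag present:', containsHtmlTag(vulnerable));
  console.log('fixed:     ', fixed, '| tag present:', containsHtmlTag(fixed));
  return { vulnerable, fixed };
}
demo();
```

The escaped label displays the literal name to the operator while the browser never parses the injected tag, which is the behaviour the PR's escapeHtml() call restores.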