It appears that the administration page of dogtag PKI is vulnerable to XSS attacks, whether through the SSL administration page or the non-SSL administration page.
How reproducible:
Open these URLs:
http://ipa_server:9180/ca/ee/ca/profileSelect?profileId=plop%3C/script%3E%3Cscript%3Evar%20x=document.cookie;alert%28x%29;//
https://ipa_server:9444/ca/ee/ca/profileSelect?profileId=plop%3C/script%3E%3Cscript%3Evar%20x=document.cookie;alert%28x%29;//
Steps to Reproduce:
1. Browse similar URLs: https://ipa_server:9444/ca/ee/ca/profileSelect?profileId=plop%3C/script%3E%3Cscript%3Evar%20x=document.cookie;alert%28x%29;//
2. Have a javascript pop-up being displayed.
Actual results:
Non-Filtered HTML code that triggers javascript
Expected results:
Filtered HTML code
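The difference between the actual and expected results above, as an added example that is not Dogtag code: it assumes the `profileId` value is echoed into an inline script block (the template and function names here are hypothetical) and shows the unfiltered rendering beside one that escapes the value for a JavaScript string context.

```javascript
'use strict';

// Hypothetical template: echoes profileId into an inline <script> block
// with no filtering, as the report's "Actual results" describe.
function renderUnfiltered(profileId) {
  return '<script>\nvar profileId = "' + profileId + '";\n</script>';
}

// Escape a value for a JavaScript string literal embedded in HTML.
// Everything except ASCII letters and digits becomes \uXXXX, so the value
// can neither end the string literal nor close the <script> element.
function escapeForScriptString(value) {
  const s = String(value);
  let out = '';
  for (let i = 0; i < s.length; i++) {
    const code = s.charCodeAt(i);
    const isAlnum = (code >= 48 && code <= 57) ||
                    (code >= 65 && code <= 90) ||
                    (code >= 97 && code <= 122);
    out += isAlnum ? s[i] : '\\u' + code.toString(16).padStart(4, '0');
  }
  return out;
}

function renderFiltered(profileId) {
  return '<script>\nvar profileId = "' +
         escapeForScriptString(profileId) + '";\n</script>';
}

// Counts <script> and </script> tags; a page with one inline block has 2.
function scriptTagCount(html) {
  return (html.match(/<\/?script/gi) || []).length;
}

// The query value from the report, URL-decoded as the server would see it.
const reported = decodeURIComponent(
  'plop%3C/script%3E%3Cscript%3Evar%20x=document.cookie;alert%28x%29;//');

console.log('unfiltered tags:', scriptTagCount(renderUnfiltered(reported)));
console.log('filtered tags:  ', scriptTagCount(renderFiltered(reported)));
console.log(renderFiltered(reported));
```

A tag count above 2 in the rendered page means the reflected value has broken out of its script block; the escaped form keeps the count at 2 and still decodes to the original string in the browser.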
Ported changes from other release over, tested the listed test cases to work fine. Submitting patch for review.
Patch reviewed, pushed to master:
Counting objects: 26, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (24/24), done.
Writing objects: 100% (26/26), 3.84 KiB | 0 bytes/s, done.
Total 26 (delta 21), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/pki.git
dd4926b4083bcd8898aef703e316403036ce581b master -> master
Metadata Update from @mharmsen:
- Issue assigned to jmagne
- Issue set to the milestone: 10.2.4
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1935
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.