CVE-2022-1682: We check the url parameter of the link to ensure that it is a valid c… · NeoRazorX/facturascripts@8e31d84
Reflected XSS using a URL-based payload in the GitHub repository neorazorx/facturascripts prior to 2022.07. The XSS can be used to steal a user’s cookies, which leads to account takeover, or to perform any malicious activity in the victim’s browser.
@@ -24,6 +24,7 @@
use FacturaScripts\Core\Base\DataBase\DataBaseWhere;
use FacturaScripts\Core\Lib\Widget\VisualItemLoadEngine;
use FacturaScripts\Dinamic\Model\CodeModel;
use FacturaScripts\Dinamic\Model\Page;
use FacturaScripts\Dinamic\Model\PageOption;
use FacturaScripts\Dinamic\Model\User;
use Symfony\Component\HttpFoundation\Response;
@@ -121,7 +122,7 @@ public function privateCore(&$response, $user, $permissions)
parent::privateCore($response, $user, $permissions);
$this->model = new PageOption();
$this->loadSelectedViewName();
$this->backPage = $this->request->get(‘url’) ?: $this->selectedViewName;
$this->setBackPage();
$this->selectedUser = $this->user->admin ? $this->request->get(‘nick’) : $this->user->nick;
$this->loadPageOptions();
@@ -275,6 +276,22 @@ private function loadPageOptionsForUser(): bool
return true;
}
private function setBackPage()
{
// check if the url is a real controller name
$url = $this->request->get('url’, ‘’);
$pageModel = new Page();
foreach ($pageModel->all([], [], 0, 0) as $page) {
if (substr($url, 0, strlen($page->name)) === $page->name) {
$this->backPage = $url;
return;
}
}
// set the default back page
$this->backPage = $this->selectedViewName;
}
/**
* @param array $column
* @param string $name
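Review bot: The new check in setBackPage() accepts any `url` that merely starts with a controller name (the substr/strlen prefix compare), so a valid page name followed by arbitrary trailing characters still becomes $this->backPage; where backPage is later rendered or used in a redirect (not visible in this section), that suffix remains request-controlled. Unless a trailing query string is genuinely required, compare exactly: `if ($url === $page->name) {`; if a suffix must be allowed, validate the remainder separately against an explicit character allow-list instead of accepting anything after the prefix. Note also that a Page row with an empty name would make the prefix check match every value, which an exact compare avoids. setBackPage() carries no return type while the neighbouring loadPageOptionsForUser(): bool does — declare it `private function setBackPage(): void`, and a one-line docblock stating that the back page is only taken from the request when it names an existing controller, otherwise falling back to the selected view, would document the intent of the fix.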