CVE-2022-29710: Fixed issue: [security] Minor XSS issue in plugin overview - reported… · LimeSurvey/LimeSurvey@f7b3561
A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin.
@@ -2,8 +2,7 @@ <div class=’pagetitle h3’><?php eT(‘Confirm uploaded plugin’); ?></div>
<?php // Only show config summary if config could be found. ?> <?php if (isset($config)): ?>
<?php if (isset($config)) : ?> <?php echo CHtml::form( Yii::app()->getController()->createUrl( '/admin/pluginmanager’, @@ -16,14 +15,14 @@
<input type="hidden" name="isUpdate" value="<?php echo json_encode($isUpdate); ?>" />
<?php if ($isUpdate): ?> <?php if ($isUpdate) : ?> <div class=’alert alert-info’> <p> <i class=’fa fa-info’></i> <?php eT(‘The following plugin will be updated. Please click “Update” to update the plugin, or “Abort” to abort.’); ?> </p> </div> <?php else: ?> <?php else : ?> <div class=’alert alert-info’> <p> <i class=’fa fa-info’></i> @@ -35,33 +34,33 @@ <!-- Name --> <div class="form-group col-sm-12"> <label class="col-sm-4 control-label"><?php eT(“Name:”); ?></label> <div class="col-sm-4"><?php echo $config->getName(); ?></div> <div class="col-sm-4"><?=htmlentities($config->getName()); ?></div> </div>
<!-- Description --> <div class="form-group col-sm-12"> <label class="col-sm-4 control-label"><?php eT(“Description:”); ?></label> <div class="col-sm-8"><?php echo $config->getDescription(); ?></div> <div class="col-sm-8"><?=htmlentities($config->getDescription()); ?></div>
**Shnoulle** Apr 20, 2022
Collaborator
Hu … some plugins have HTML or markdown in their description.
Since this plugin part is a PHP system and cannot be updated by a simple user, I really think it's a bad idea …
**Shnoulle** Apr 20, 2022 (edited)
Collaborator
Oops: only upload confirm. Maybe then …
But htmlentities: strip_tags or filter …
</div>
<!-- Version --> <div class="form-group col-sm-12"> <label class="col-sm-4 control-label"><?php eT(“Version:”); ?></label> <div class="col-sm-4"><?php echo $config->getVersion(); ?></div> <div class="col-sm-4"><?=htmlentities($config->getVersion()); ?></div> </div>
<!-- Author --> <div class="form-group col-sm-12"> <label class="col-sm-4 control-label"><?php eT(“Author:”); ?></label> <div class="col-sm-4"><?php echo $config->getAuthor(); ?></div> <div class="col-sm-4"><?=htmlentities($config->getAuthor()); ?></div> </div>
<!-- Compatible --> <div class="form-group col-sm-12"> <label class="col-sm-4 control-label"><?php eT(“Compatible”); ?></label> <?php if ($config->isCompatible()): ?> <?php if ($config->isCompatible()) : ?> <div class="col-sm-4"><span class="fa fa-check text-success"></span></div> <?php else: ?> <?php else : ?> <div class="col-sm-4"><span class="fa fa-times text-warning"></span></div> <?php endif; ?> </div> @@ -70,9 +69,9 @@ <div class="form-group col-sm-12"> <label class="col-sm-4 control-label"></label> <div class="col-sm-4"> <?php if ($isUpdate): ?> <?php if ($isUpdate) : ?> <input type="submit" class="btn btn-success" value="<?php eT(“Update”);?>" /> <?php else: ?> <?php else : ?> <input type="submit" class="btn btn-success" value="<?php eT(“Install”);?>" /> <?php endif; ?> <a href="<?php echo $abortUrl; ?>" class="btn btn-warning" data-dismiss="modal"><?php eT(“Abort”);?></a> @@ -81,8 +80,7 @@
</form>
<?php else: ?>
<?php else : ?> <div class=’alert alert-warning’> <p> <i class=’fa fa-warning’></i>
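Review bot: the four new `<?=htmlentities($config->getName()); ?>`-style calls in the -35,33 hunk rely on PHP's default flags and charset instead of the Yii helper this view already uses (`CHtml::form(...)` at the top of the file); `CHtml::encode()` wraps `htmlspecialchars` with `ENT_QUOTES` and the application charset, gives the same protection in element content, and keeps the escaping consistent across the view, e.g. `<?= CHtml::encode($config->getDescription()); ?>`. The inline comments also raise that plugin descriptions may legitimately carry HTML or markdown; if that is a supported feature, escaping the whole description will now render those tags literally, and a whitelist sanitizer applied only to the description (Yii ships `CHtmlPurifier`) is the cleaner option than `strip_tags`, which the comment also floats.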
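Review bot: the -2,8, -16,14, -70,9 and -81,8 hunks change nothing but spacing, turning `<?php if ($isUpdate): ?>` / `<?php else: ?>` into `if ($isUpdate) :` / `else :` and doing the same for `isset($config)`; these are pure code-style edits with no security effect, and mixing them into the CVE fix makes the diff that downstream packagers need to backport and verify noisier than the four real escaping changes. Keeping the security commit to those four lines (or moving the style pass to its own commit) would make it much easier to confirm what actually closes the XSS; the -2,8 +2,7 line count also suggests the `// Only show config summary if config could be found.` comment was dropped in passing, and if so it is worth keeping.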