
CVE-2022-47928: fix: [security] XSS in the template file uploads · MISP/MISP@684d3e5

In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.


@@ -6,7 +6,7 @@ if ($batch == ‘yes’) {

$multiple = false;

if (isset($filenames)) {

$buttonText = __(‘Replace File’);

} else {

} else {

$buttonText = __(‘Upload File’);

}

}

@@ -18,13 +18,13 @@ if ($batch == ‘yes’) {

echo $this->Form->end();

?>

</div>

<span id="fileUploadButton_<?php echo $element_id; ?>" role="button" tabindex="0" aria-label="<?php echo $buttonText; ?>" title="<?php echo $buttonText; ?>" class="btn btn-primary" onClick="templateFileUploadTriggerBrowse(‘<?php echo $element_id; ?>’);"><?php echo $buttonText; ?></span>

<span id="fileUploadButton_<?php echo h($element_id); ?>" role="button" tabindex="0" aria-label="<?php echo $buttonText; ?>" title="<?php echo $buttonText; ?>" class="btn btn-primary" onClick="templateFileUploadTriggerBrowse(<?php echo json_encode($element_id); ?>);"><?php echo $buttonText; ?></span>

<script type="text/javascript">

$(document).ready(function() {

<?php if (isset($filenames)): ?>

var fileArray = JSON.parse(‘<?php echo $fileArray;?>’);

templateFileHiddenAdd(fileArray, '<?php echo $element_id; ?>’, ‘<?php echo $batch; ?>’);

showMessage('<?php echo $upload_error ? ‘fail’ : 'success’; ?>’, '<?php echo $result; ?>’, ‘iframe’);

templateFileHiddenAdd(fileArray, '<?php echo h($element_id); ?>’, ‘<?php echo h($batch); ?>’);

showMessage('<?php echo $upload_error ? ‘fail’ : 'success’; ?>’, '<?php echo h($result); ?>’, ‘iframe’);

<?php endif; ?>

});
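Review bot: The new `onClick` on the `<span>` emits `json_encode($element_id)` raw into a double-quoted HTML attribute; if `$element_id` is ever a string, the surrounding `"` characters json_encode produces terminate the attribute early, and `<`/`&` are not entity-encoded either, so the safer form is `onClick="templateFileUploadTriggerBrowse(<?php echo h(json_encode($element_id)); ?>);"` (the browser decodes entities before the handler runs). Whether `$element_id` is an int or a string is not visible from the hunk, so this may only be latent today. The unchanged `var fileArray = JSON.parse('<?php echo $fileArray;?>');` line still echoes `$fileArray` unescaped inside a single-quoted JS string, so a `'` or `</script>` in that value would still break out of it; `var fileArray = JSON.parse(<?php echo json_encode($fileArray, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>);` would close that gap if `$fileArray` is not already guaranteed safe by the controller. The closing `</script>` of this block is not shown in the rendered hunk.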
