CVE-2017-20176: Fix reflected XSS in new_window.php · ciubotaru/share-on-diaspora@fb6fae2

A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9. It affects unknown code in the file new_window.php: manipulation of the argument title/url leads to cross-site scripting, and the attack can be initiated remotely. The fixing commit is fb6fae2f8a9b146471450b5b0281046a17d1ac8d, and applying that patch is the recommended remediation. The identifier of this vulnerability is VDB-220204.

CVE
#xss #vulnerability #java #php
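The description above says the reflected values title and url reach the page unescaped. The patch in this commit fixes that by running them through a DOM-based escaper before an innerHTML assignment. The example below is added here and is not code from the share-on-diaspora project: it is a Node-runnable equivalent of what text-node serialization in the browser escapes, next to the stricter escaping needed when an untrusted value is placed inside an attribute, and a constructed payload showing why the two contexts differ. The function names and the sample inputs are this example's own.

```javascript
// Added example, not project code. Mirrors what the browser's
// createTextNode(str) + innerHTML trick escapes: '&', '<', '>' and
// U+00A0 only. Quotes are left alone, so this is safe for element
// text but NOT for attribute values.
function escapeHtmlText(str) {
  return String(str)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/\u00a0/g, "&nbsp;");
}

// Attribute context: a double or single quote can close the attribute,
// so both must be encoded on top of the text-context escaping.
function escapeHtmlAttr(str) {
  return escapeHtmlText(str)
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Builds the same "Sharing <b>title</b> (url) to pod" message the patched
// redirect() writes into document.body, with each data value escaped
// while the surrounding <b> markup is left intact.
function sharingMessage(title, url, pod) {
  return (
    "Sharing <b>" + escapeHtmlText(title) + "</b> (" +
    escapeHtmlText(url) + ") to " + escapeHtmlText(pod)
  );
}

// Constructed sample values (hypothetical, for demonstration only).
const sampleTitle = "<script>alert(1)</script>";
const sampleUrl = "http://example.invalid/?a=1&b=2";
const samplePod = "pod.example.invalid";

// Demonstration output when run directly with node.
console.log(sharingMessage(sampleTitle, sampleUrl, samplePod));
// A value that is harmless as element text but breaks out of an attribute
// unless quotes are encoded as well:
const attrPayload = '" onmouseover="x';
console.log("text-escaped: " + escapeHtmlText(attrPayload));
console.log("attr-escaped: " + escapeHtmlAttr(attrPayload));
```

The practical takeaway for reviewing the patch: the DOM trick is adequate for the three call sites it is applied to, because each writes into element text, but a reviewer should flag any future reuse of the same helper inside a quoted attribute.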

@@ -42,6 +42,16 @@ </style>
<script type="text/javascript"> // Use to prevent XSS // Code from http://shebang.brandonmintern.com/foolproof-html-escaping-in-javascript/ // Use the browser’s built-in functionality to quickly and safely escape // the string function escapeHtml(str) { var div = document.createElement(‘div’); div.appendChild(document.createTextNode(str)); return div.innerHTML; }
function extras(a) { var b = document.getElementById(“remember”).checked; var c = document.getElementById(“markdown”).checked; @@ -252,7 +262,7 @@ function redirect() { location.href = “about” } else { if (localStorage[“remember”] && localStorage[“remember”] === “true” && localStorage[“lastPod”] && redir !== “false”) { document.getElementsByTagName(‘body’)[0].innerHTML = “Sharing <b>” + title + "</b> (" + url + ") to " + localStorage[“lastPod”]; document.getElementsByTagName(‘body’)[0].innerHTML = “Sharing <b>” + escapeHtml(title) + "</b> (" + escapeHtml(url) + ") to " + escapeHtml(localStorage[“lastPod”]); var a = “http://” + localStorage[“lastPod”] + “/bookmarklet?url=” + encodeURIComponent(url) + “&title=” + encodeURIComponent(title); if (notes !== “”) { a += “&notes=” + encodeURIComponent(notes) @@ -262,7 +272,7 @@ function redirect() { return true } else { document.getElementById(“sharetitle”).value = title; document.getElementById(“shareurl”).innerHTML = url; document.getElementById(“shareurl”).innerHTML = escapeHtml(url); crealinks(); return false }
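Review bot: the escapeHtml helper added in the @@ -42 hunk relies on text-node serialization, which encodes only `&`, `<` and `>` (plus non-breaking space) and leaves `"` and `'` untouched, so it is safe for values placed in element text but not for values inside an attribute. The three call sites in the later hunks are all text positions, so the fix holds there, but a comment stating that restriction next to the function would keep it from being reused in an `href="..."`-style context later.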
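Review bot: in the @@ -262 hunk the shareurl element receives a plain string with no markup, so `document.getElementById("shareurl").textContent = url;` would remove the need for escaping at that site entirely and is the more robust change; the `Sharing <b>...</b>` line in the @@ -252 hunk does mix markup with data, so escaping is justified there, although building the fragment with createElement/createTextNode would avoid innerHTML altogether. Also visible in the @@ -252 hunk: `localStorage["lastPod"]` is spliced into the redirect URL as the host without validation, which is outside this XSS fix but worth a follow-up hostname check.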
