Headline

GHSA-j386-3444-qgwg: Trix allows Cross-site Scripting via `javascript:` url in a link

The Trix editor, versions prior to 2.1.11, is vulnerable to XSS when pasting malicious code in the link field.

Impact

An attacker could trick the user to copy&paste a malicious javascript: URL as a link that would execute arbitrary JavaScript code within the context of the user’s session, potentially leading to unauthorized actions being performed or sensitive information being disclosed.

See https://gist.github.com/th4s1s/3921fd9c3e324ad9a3e0d846166e3eb8

Patches

Update Recommendation: Users should upgrade to Trix editor version 2.1.12 or later.

Workarounds

This is not really a workaround but something that should be considered in addition to upgrading to the patched version. If affected users can disallow browsers that don’t support a Content Security Policy, then this would be an effective workaround for this and all XSS vulnerabilities. Set CSP policies such as script-src ‘self’ to ensure that only scripts hosted on the same origin are executed, and explicitly prohibit inline scripts using script-src-elem.

References

https://gist.github.com/th4s1s/3921fd9c3e324ad9a3e0d846166e3eb8

Credits

This vulnerability was reported by Hackerone researcher https://hackerone.com/lio346?type=user

4 months ago

ghsa

Open in Source

#xss #vulnerability #git #java #auth

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

ghsa: Latest News

GHSA-qfm8-78qf-p75j: The Front End User Registration extension for TYPO3 (sr_feuser_register) Remote Code Execution

8 hours ago

ghsa

GHSA-hq4f-5qjv-fwrg: The Backup Plus extension for TYPO3 (ns_backup) has a Predictable Resource Location

8 hours ago

ghsa

GHSA-pqqp-7cp8-vxvf: Ackites KillWxapkg Zip Bomb Resource Exhaustion

9 hours ago

ghsa

GHSA-463c-jhp2-4mm7: The Backup Plus extension for TYPO3 (ns_backup) allows command injections

9 hours ago

ghsa

GHSA-xg53-mhh9-3cq7: The Backup Plus extension for TYPO3 (ns_backup) allows XSS

9 hours ago

ghsa