Mephisto blog is vulnerable to XSS
Current bleeding-edge version of Mephisto blog is vulnerable to XSS.
rejects comments manually, he has to load all unapproved comments,
so it's possible to fetch his session id.
Add a new comment with the following author name: <script>alert
Then, from the admin's overview section, check this comment - you'll see
a message with the cookie.
If you manually approve your comments, check the list of pending comments.
How to fix it
Patch for <approot>/app/helpers/application_helper.rb:
< return comment.author if comment.author_url.blank?
> return h(comment.author) if comment.author_url.blank?
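Review bot: the h() call covers only the early return taken when comment.author_url.blank? is true; the code path for a comment that does have an author_url is outside this hunk, so check that comment.author and comment.author_url are also escaped there before they are interpolated into the link. If that path still emits the raw values, this change closes the hole only for comments submitted without a URL. Consider escaping the author name once at the top of the helper so every return path uses the escaped value.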
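The escaping described above, as an added stand-alone example that is not Mephisto's code: it renders an author name with and without HTML escaping and goes beyond the patch by also covering a comment that has an author_url. The Comment struct, the helper names, the http/https allowlist and the sample values are assumptions constructed for illustration; ERB::Util.html_escape is the function that Rails' h() aliases.

```ruby
require "erb"
require "uri"

# Hypothetical stand-in for the blog's comment record (constructed for this example).
Comment = Struct.new(:author, :author_url)

# Assumption: only ordinary web links are acceptable as an author URL.
SAFE_SCHEMES = %w[http https].freeze

# Returns the URL if it parses and uses an allowed scheme, otherwise nil.
def safe_url(url)
  uri = URI.parse(url.to_s.strip)
  SAFE_SCHEMES.include?(uri.scheme&.downcase) ? uri.to_s : nil
rescue URI::InvalidURIError
  nil
end

# Unescaped rendering: whatever the commenter typed reaches the page as markup.
def author_link_unsafe(comment)
  return comment.author if comment.author_url.to_s.strip.empty?
  %(<a href="#{comment.author_url}">#{comment.author}</a>)
end

# Escaped rendering: the name is encoded once, before any return path,
# and the URL is both scheme-checked and encoded for the attribute context.
def author_link_safe(comment)
  name = ERB::Util.html_escape(comment.author)
  url = safe_url(comment.author_url)
  return name if url.nil?
  %(<a href="#{ERB::Util.html_escape(url)}">#{name}</a>)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample comments; the first uses harmless markup as a marker.
  samples = [
    Comment.new("<b>marker</b>", ""),
    Comment.new("Ann & Bob", "http://example.test/"),
    Comment.new("Carol", "ftp://files.example.test/")
  ]
  samples.each do |c|
    puts "unsafe: #{author_link_unsafe(c)}"
    puts "safe:   #{author_link_safe(c)}"
  end
end
```

If the marker tag comes back intact from a rendering path, that path emits user input as markup and needs the same escaping.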