XSS Vulnerability on Login Page

Issue: SI-14
Date: Jun 18, 2013, 6:30:00 AM
Severity: Medium
Requires Admin Access: No
Fix Version: 2.3.2
Credit: Ivan Markovic / Secunia
Description:

Input passed via several POST parameters to several scripts is not
properly sanitised before being returned to the user (reflected cross-site
scripting). This can be exploited to execute arbitrary HTML and script code
in a user's browser session in the context of an affected site. The
affected scripts are reachable without administrator access.

List of affected scripts and the reflected parameter for each (script?parameter):
http://[host]/application/login/login.html?_loginUserName
http://[host]/c/portal_public/login?my_account_login
http://[host]/dotCMS/forgotPassword?email

Mitigation:
  1. The issue has been resolved in dotCMS 2.3.2, which now uses the ESAPI library to HTML-escape these values before they are returned to the user. Upgrade to dotCMS 2.3.2 or later.
  2. Until the upgrade, restrict access to the admin tools to a subset of trusted IPs. This only reduces exposure: the affected scripts do not require admin access, so an upgrade or hotfix is still needed.
  3. Alternatively, create a hotfix based on the commits referenced in https://github.com/dotCMS/dotCMS/issues/2949
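As an added illustration (not dotCMS code, and not the fix from the commits above), the pattern described in this advisory beside its hardened form: a minimal renderer that echoes the _loginUserName POST parameter back into the login form, first unescaped, then with only angle brackets escaped (a common incomplete fix), then HTML-escaped for the attribute context with Python's html.escape, which plays the role ESAPI's HTML encoder plays in 2.3.2. Only the script path and parameter name are taken from the advisory; the form markup, the POST body and the two probe strings are constructed for the example.

```python
import html
from urllib.parse import parse_qs

# Constructed POST body, as a browser would send it after submitting the
# login form. The username is a typical reflected-XSS probe: it closes the
# value attribute and the tag, then injects a script element.
SAMPLE_BODY = ('_loginUserName=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E'
               '&password=x')
PROBE = '"><script>alert(1)</script>'

# Second constructed probe: no angle brackets at all, it only needs to close
# the quoted attribute and add an event-handler attribute.
ATTR_PROBE = '" autofocus onfocus="alert(1)'

# Constructed form markup; the action path and parameter name are the ones
# listed in the advisory, the rest is hypothetical.
FORM = (
    '<form method="post" action="/application/login/login.html">\n'
    '  <input name="_loginUserName" value="{username}">\n'
    '  <input name="password" type="password">\n'
    '</form>'
)


def parse_post(body):
    """Decode an application/x-www-form-urlencoded body into a dict."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def render_vulnerable(params):
    """Pre-fix pattern: the submitted value is written straight into the markup."""
    return FORM.format(username=params.get('_loginUserName', ''))


def render_partially_fixed(params):
    """Incomplete fix: < and > are escaped but quotes are not.

    Inside a quoted attribute this still lets a submitted " close the
    attribute and append an event-handler attribute (see ATTR_PROBE).
    """
    value = params.get('_loginUserName', '')
    return FORM.format(username=html.escape(value, quote=False))


def render_fixed(params):
    """Fixed pattern: encode for the HTML attribute context before output.

    quote=True also turns " into &quot; so the value cannot break out of
    the value attribute.
    """
    value = params.get('_loginUserName', '')
    return FORM.format(username=html.escape(value, quote=True))


def reflects_unescaped(page, probe):
    """The check a scanner makes: does the probe come back verbatim?"""
    return probe in page


if __name__ == '__main__':
    for label, params in (('script probe', parse_post(SAMPLE_BODY)),
                          ('attribute probe', {'_loginUserName': ATTR_PROBE})):
        probe = params['_loginUserName']
        for name, render in (('vulnerable', render_vulnerable),
                             ('partially fixed', render_partially_fixed),
                             ('fixed', render_fixed)):
            page = render(params)
            print(f'{label} / {name}: reflected verbatim = '
                  f'{reflects_unescaped(page, probe)}')
            print(page)
```

The attribute probe is the reason the escaper must be chosen for the output context: escaping only angle brackets stops the script-tag probe but not the attribute break-out, which is why the fixed renderer escapes quotes as well.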
References:
  • https://github.com/dotCMS/dotCMS/issues/2949
  • http://secunia.com/advisories/53265/