Support » Plugin: SpiderFAQ » css vulnerability

  • Resolved alsoisp

    (@alsoisp)


    Today OpenBugBounty wrote us a mail, that we have a css vulnerability problem with the searchfield from Spider-Faq.

    One resolution is, to filter some Signs in the Searchfield. Can anyone tell me, where the Searchfield is located and where we should enter the Filter for the Symbols?

    Best regards

    Stephan

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Hi,

    Could you please, share with us more details about the CSS vulnerability (you can share the screenshot of the issue)

    Maybe I have not understand correctly is it Security Vulnerability not the CSS Vulnerability?

    Thanks. Have a nice day.

    Hello,
    here is the original message:
    Dear Sir/Madam,
    I would like to report a XSS vulnerability that I have found on the alsoisp.de website. The
    discovered vulnerability occurs because of incorrectly validated user input in the search function.
    The vulnerability has been tested with the latest version of Firefox on Linux (Firefox 58.0.2 64-bit).
    Reproduction
    Go to: http://alsoisp.de/buchhaltung/
    Enter the following XSS payload as search query:
    “–!>
    The JavaScript dialog will pop-up:
    When we look at the source code we can see the JavaScript that was executed by the browser:
    Mitigation
    My recommendation would be to filter the search input for special characters used in HTML and
    JavaScript.
    I hope that my findings and report can contribute to a better and more secure website of the alsoisp
    organization.

    Enter the following XSS payload as search query:

    // . “–!> //

    I hope we see the query here in your Ticketsystem. In the post before, the query was interpretet.

    I can’t send you the query here, please give me a mail to sent it.

    Hi,

    Please contact our support team using the following email address: support@web-dorado.com

    Please, mention the URL of this forum topic in your message. We will provide a solution as soon as possible and share it here as well.

    Thanks. Have a nice day.

    Hi,

    Please, be informed that the security issue has been fixed and the plugin has been updated.

    Thanks. have a nice day.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘css vulnerability’ is closed to new replies.