XSS on external links in glpi-project/glpi

Valid

Reported on

Nov 29th 2022


Description

This vulnerability allows an administrator to create a malicious external link: the link value is rendered into the page without being escaped, so a crafted value breaks out of the HTML attribute and runs as stored XSS for every user who views an item the link is assigned to.

Proof of Concept

As an admin user

Go to /front/link.form.php?id=1

Create an external link and use the following as the link value: 'onmouseover="alert(document.domain)"

Assign this link to budgets (example)

As a regular user

Go to /front/budget.form.php?id=1

Click on the links tab

Move the mouse over the link

XSS triggered
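The attribute breakout in the steps above, shown as an added example that is not GLPI's own code (GLPI is PHP; this is a Python stand-in). The single-quoted href template is an assumption based on the leading quote in the PoC payload, not GLPI's actual markup. The hardened renderer does the two things a reviewer of the fix would look for: it escapes quotes so the value cannot close the attribute, and it only turns http(s) values into clickable links, since escaping alone would still let a javascript: URL through as a working href. The parser at the end shows which attributes a tokenizer actually sees on the rendered tag.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The link value from the proof of concept above (constructed here from the report).
POC_PAYLOAD = "'onmouseover=\"alert(document.domain)\""


def render_link_vulnerable(label: str, url: str) -> str:
    """Interpolate the stored link value straight into a single-quoted href.

    Stand-in for the unescaped output; the single-quoted attribute is an
    assumption drawn from the PoC payload, not GLPI's real template.
    """
    return f"<a href='{url}' target='_blank'>{html.escape(label)}</a>"


def is_allowed_url(url: str) -> bool:
    """Only plain http(s) values may become clickable links."""
    return urlsplit(url.strip()).scheme.lower() in ("http", "https")


def render_link_safe(label: str, url: str) -> str:
    """Escape with quote=True so neither ' nor " can terminate the attribute,
    and refuse non-http(s) schemes so a javascript: value is shown as text."""
    safe_label = html.escape(label)
    if not is_allowed_url(url):
        return f"<span>{safe_label}</span>"
    safe_url = html.escape(url, quote=True)
    return f"<a href='{safe_url}' target='_blank' rel='noopener'>{safe_label}</a>"


class AnchorAttrs(HTMLParser):
    """Collect the attributes a tokenizer sees on the first <a> tag."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: dict = {}
        self._done = False

    def handle_starttag(self, tag, attrs):
        if tag == "a" and not self._done:
            self.attrs = dict(attrs)
            self._done = True


def anchor_attributes(markup: str) -> dict:
    """Return the parsed attribute map of the first <a> in markup ({} if none)."""
    parser = AnchorAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


if __name__ == "__main__":
    vuln = render_link_vulnerable("Budget docs", POC_PAYLOAD)
    safe = render_link_safe("Budget docs", POC_PAYLOAD)
    print("vulnerable markup :", vuln)
    print("parsed attributes :", anchor_attributes(vuln))  # contains 'onmouseover'
    print("hardened markup   :", safe)
    print("parsed attributes :", anchor_attributes(safe))  # {} - rendered as text
```

With the PoC payload, the vulnerable markup parses as an anchor carrying an `onmouseover` handler, which is exactly what fires when the regular user hovers over the link. The hardened renderer never emits an anchor for that value at all; a legitimate URL containing quote characters is emitted with them encoded and round-trips back to the original href when parsed.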

Impact

This vulnerability would potentially allow attackers to hijack the user's current session, steal relevant information, deface the website or direct users to malicious websites, and there is even the possibility of escalating the level of exploitation or more advanced attacks (for example, creating privileged users). Note that creating the link requires an administrator, so the realistic attacker is a malicious or compromised administrator account targeting other users, including other administrators, who open an item the link is assigned to.

Occurrences

We are processing your report and will contact the glpi-project/glpi team within 24 hours. 4 months ago
We have contacted a member of the glpi-project/glpi team and are waiting to hear back 4 months ago
glpi-project/glpi maintainer validated this vulnerability 4 months ago
Edra has been awarded the disclosure bounty
The fix bounty is now up for grabs
Cédric Anne gave praise 2 months ago
Thanks for the report.
Cédric Anne marked this as fixed in 10.0.6 with commit 7b3704 2 months ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
Cédric Anne published this vulnerability 2 months ago
Link.php#L668 has been validated
Cédric Anne (Maintainer), 2 months ago:

https://github.com/glpi-project/glpi/security/advisories/GHSA-f5g6-fxrw-pfj7
