To reproduce

drush vset site_name '<script type="text/javascript">alert("site_name");</script>Name'
drush vset site_slogan '<script type="text/javascript">alert("site_slogan");</script>Slogan'
drush vset maintenance_mode 1

The security team has cleared this issue to be fixed publicly, as this exploit requires the "administer site configuration" permission.

Comments

c960657

Status: Active » Closed (duplicate)

The patch in #461938: Core should consistently filter_xss_admin() on $site_slogan and check_plain $site_name solves this problem.

I will mark this issue as a duplicate (actually it is a subset of #461938).
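
A regression check for the reproduction steps in the report, added here as an example; it is not part of the original issue or of Drupal. Given the HTML of the maintenance page on stdin, it reports whether each `drush vset` payload came back verbatim or was neutralized. The function names, the sample pages and the URL in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: regression check for the maintenance-page XSS described above.
# Feed it the maintenance page HTML after running the three drush commands
# from the report, e.g. (URL is a placeholder):
#   curl -s http://drupal.example/ | check_page

# classify_marker NAME (HTML on stdin): prints raw, neutralized or absent.
classify_marker() {
  marker=$1
  page=$(cat)
  # The payload exactly as stored by `drush vset`, i.e. an executable tag.
  raw="<script type=\"text/javascript\">alert(\"$marker\");</script>"
  case $page in
    *"$raw"*)    echo raw ;;          # emitted verbatim: still vulnerable
    *"$marker"*) echo neutralized ;;  # value rendered, tag escaped or stripped
    *)           echo absent ;;       # value not rendered: result inconclusive
  esac
}

# check_page (HTML on stdin): reports both variables, returns 1 if either is raw.
check_page() {
  html=$(cat)
  status=0
  for var in site_name site_slogan; do
    verdict=$(printf '%s\n' "$html" | classify_marker "$var")
    echo "$var: $verdict"
    if [ "$verdict" = raw ]; then status=1; fi
  done
  return "$status"
}

# Constructed sample pages (not captured from a real site).
VULNERABLE_HTML='<h1><script type="text/javascript">alert("site_name");</script>Name</h1>
<div id="site-slogan"><script type="text/javascript">alert("site_slogan");</script>Slogan</div>'
PATCHED_HTML='<h1>&lt;script type=&quot;text/javascript&quot;&gt;alert(&quot;site_name&quot;);&lt;/script&gt;Name</h1>
<div id="site-slogan">alert("site_slogan");Slogan</div>'
```

An `absent` verdict means the variable was not rendered at all, so confirm that maintenance mode is actually on before treating the page as fixed.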