Roy
/
vuln_patch
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Dnn.Platform: Prevent XSS attacks through direct access to certain DB columns.

Browse Source
main
Roy 8 months ago
commit 4cf6c07977
2 changed files with 66 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 40
      dnnsoftware/Dnn.Platform/0001-Help-prevent-XSS-attacks-through-access-to-database-.patch
  2. 26
      dnnsoftware/Dnn.Platform/0002-Unverified-.-Help-prevent-XSS-attacks-through-access.patch

40
dnnsoftware/Dnn.Platform/0001-Help-prevent-XSS-attacks-through-access-to-database-.patch
Unescape View File

@ -0,0 +1,40 @@
From 999f5e1e7467fc688f00515e14ff247cdeb730d3 Mon Sep 17 00:00:00 2001
From: Roy <roy@royvanlunsen.nl>
Date: Wed, 27 Mar 2024 13:38:58 +0100
Subject: [PATCH 1/2] Help prevent XSS attacks through access to database
"displayName" column.
---
DNN Platform/Modules/Journal/Scripts/mentionsInput.js | 2 +-
.../admin/personaBar/scripts/permissionGrid.js | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/DNN Platform/Modules/Journal/Scripts/mentionsInput.js b/DNN Platform/Modules/Journal/Scripts/mentionsInput.js
index 6672d9694f..064588c833 100644
--- a/DNN Platform/Modules/Journal/Scripts/mentionsInput.js
+++ b/DNN Platform/Modules/Journal/Scripts/mentionsInput.js
@@ -162,7 +162,7 @@
$this.data('ui-autocomplete')._renderItem = function(ul, item) {
return $('<li></li>')
.data('ui-autocomplete-item', item)
- .append('<a><img src="' + item.avatar + '" /><span class="dn">' + item.displayName + '<span></a>')
+ .append('<a><img src="' + item.avatar + '" />' + $('<span class="dn"></span>').text(dnn.decodeHTML(item.displayName)) + '</a>')
.appendTo(ul);
};
diff --git a/Dnn.AdminExperience/Library/Dnn.PersonaBar.UI/admin/personaBar/scripts/permissionGrid.js b/Dnn.AdminExperience/Library/Dnn.PersonaBar.UI/admin/personaBar/scripts/permissionGrid.js
index cca1593c04..e096a53944 100644
--- a/Dnn.AdminExperience/Library/Dnn.PersonaBar.UI/admin/personaBar/scripts/permissionGrid.js
+++ b/Dnn.AdminExperience/Library/Dnn.PersonaBar.UI/admin/personaBar/scripts/permissionGrid.js
@@ -109,7 +109,7 @@ if (typeof dnn.controls === "undefined" || dnn.controls === null) { dnn.controls
var cols = header.find('>td:not(:first-child)');
var row = $('<tr class="dnnItem ' + (table.find('> tr').length % 2 === 0 ? 'dnnGridAltItem' : 'dnnGridItem') + '"></tr>');
row.data('key', type == "users" ? data.userId : data.roleId);
- row.append('<td class="permissionHeader">' + (type == "users" ? data.displayName : data.roleName) + "</td>");
+ row.append($('<td class="permissionHeader"></td>').text(dnn.decodeHTML(type == "users" ? data.displayName : data.roleName)));
for (var i = 0; i < cols.length; i++) {
var headerCol = cols.eq(i);
var permissionId = headerCol.data('permissionId');
--
2.32.0

26
dnnsoftware/Dnn.Platform/0002-Unverified-.-Help-prevent-XSS-attacks-through-access.patch
Unescape View File

@ -0,0 +1,26 @@
From 42ec718703ae82e617ff895d3db93b7ab529c372 Mon Sep 17 00:00:00 2001
From: Roy <roy@royvanlunsen.nl>
Date: Wed, 27 Mar 2024 13:39:14 +0100
Subject: [PATCH 2/2] (Unverified). Help prevent XSS attacks through access to
database.
---
.../Shared/components/ComposeMessage/ComposeMessage.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/DNN Platform/Website/Resources/Shared/components/ComposeMessage/ComposeMessage.js b/DNN Platform/Website/Resources/Shared/components/ComposeMessage/ComposeMessage.js
index 4f4d8d0ea3..d0bd4e2549 100644
--- a/DNN Platform/Website/Resources/Shared/components/ComposeMessage/ComposeMessage.js
+++ b/DNN Platform/Website/Resources/Shared/components/ComposeMessage/ComposeMessage.js
@@ -63,7 +63,7 @@
function attachFile(file) {
if ($.inArray(file.id, attachments) === -1) {
attachments.push(file.id);
- composeMessageDialog.find('.messageAttachments ul').append('<li><a href="#" title="' + file.name + '">' + file.name + '</a><a href="#" class="removeAttachment" title="' + opts.removeText + '"></a></li>');
+ composeMessageDialog.find('.messageAttachments ul').append('<li>' + $('<a href="#"></a>').attr('title', dnn.decodeHTML(file.name)).text(dnn.decodeHTML(file.name)).after('<a href="#" class="removeAttachment" title="' + opts.removeText + '"></a></li>'));
composeMessageDialog.find('.messageAttachments li:last-child .removeAttachment').click(function () {
var index = $.inArray(file.id, attachments);
if (index !== -1) {
--
2.32.0
Write Preview
Loading…
Cancel
Save