In testing 3.0.0-rc3 I ran a tool which uses retirejs to assess the state of the JavaScript included.
It noted that Angular 1.4.10 and jQuery 2.2.3 are in use, and that these both have known security issues.
I noted also that it is possible to generate reports that trigger Angular expression parsing errors, so it might be possible to create a stored XSS issue via accessing constructors in Angular expressions, although I haven't demonstrated this. Migrating to a patched release of Angular may be easier than demonstrating Piwik isn't vulnerable to this (I'm still working out how I created the parsing errors and will raise a ticket when I know).
I note also that reports are only shown to the current owner, so this may not be usefully exploitable even if it is exploitable.
Thanks for the report. In #11021 we upgrade AngularJS, but there was no change to the sanitize library, so we should be safe. We'll upgrade jQuery in a subsequent point release.