
  • Mark Roffey 18 posts 32 karma points
    Jan 21, 2011 @ 18:49
    Mark Roffey
    0

    XSS Security flaw in Umbraco Core

    We've just been alerted by our security team here that there is an XSS flaw in the Umbraco admin section.

    To replicate - you need to log in to Umbraco first and append this to the url ?app=content%27%3balert('xss')//#content

    So the url would look like this

    http://localhost/umbraco/umbraco.aspx?app=content%27%3balert('xss')//#content

    Has anyone else come across this? I find it hard to believe that it's not a known bug.

    Mark
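The behaviour reported above, as an added example that is not part of the original thread and is not Umbraco's code. It assumes the `app` value is written into a single-quoted JavaScript string literal (inferred from the shape of the reported URL); `renderVulnerable`, `renderHardened`, `jsStringEscape`, `KNOWN_APPS` and the `currentApp` variable are hypothetical names.

```javascript
// Constructed sample: the query string from the URL reported above.
const QUERY = "app=content%27%3balert('xss')//";

// Hypothetical allow-list of section names (an assumption for this example).
const KNOWN_APPS = new Set(['content', 'media', 'settings']);

// Return the URL-decoded value of one query-string parameter, or null.
function getParam(query, name) {
  for (const pair of query.split('&')) {
    const i = pair.indexOf('=');
    if (i !== -1 && decodeURIComponent(pair.slice(0, i)) === name) {
      return decodeURIComponent(pair.slice(i + 1));
    }
  }
  return null;
}

// Assumed vulnerable pattern: the value is concatenated into a
// single-quoted JavaScript string literal in an inline script.
function renderVulnerable(app) {
  return "var currentApp = '" + app + "';";
}

// Encode every character outside [A-Za-z0-9] as \uXXXX, so the value can
// neither close the string literal nor end a surrounding <script> element.
function jsStringEscape(value) {
  return value.replace(/[^A-Za-z0-9]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hardened form: allow-list the section name, then encode for the JS context.
function renderHardened(app) {
  const safe = KNOWN_APPS.has(app) ? app : 'content';
  return "var currentApp = '" + jsStringEscape(safe) + "';";
}

// Harness: run a rendered script with a stub alert() and report how many
// times it was called and what value currentApp ended up with.
function run(script) {
  let alerts = 0;
  const value = new Function('alert', script + '\nreturn currentApp;')(
    () => { alerts += 1; });
  return { alerts, value };
}

const app = getParam(QUERY, 'app');
console.log('vulnerable  ', run(renderVulnerable(app)));
console.log('encoded only', run("var currentApp = '" + jsStringEscape(app) + "';"));
console.log('hardened    ', run(renderHardened(app)));
```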

     

  • Lee Kelleher 4020 posts 15802 karma points MVP 13x admin c-trib
    Jan 21, 2011 @ 23:40
    Lee Kelleher
    0

    Hi Mark,

    Best bet is to raise an issue on CodePlex (if you haven't already done so?)

    http://umbraco.codeplex.com/WorkItem/Create

    The core team will pick up the issue and assess the vulnerability.

    Cheers, Lee.
