Security Release for issue9351

Synopsis

A vulnerability in sao has been found by Benjamin Kunz Mejri at Vulnerability-Lab. But they published it without using our responsible disclosure procedure, so we had to make this fix in a hurry.

With issue9351, the web client does not escape HTML tags in user data. This allows cross-site scripting attacks, which result in session hijacking, persistent phishing attacks, and persistent external redirects to malicious sources.
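The following is an added illustration, not code from sao or from the Tryton project: it contrasts the pattern the advisory describes (user data concatenated straight into markup, so any tag in a record name becomes live HTML) with the same template rendered through an HTML-escaping step. The record, the field names and the helper names are constructed for this example.

```javascript
// Added example (not sao's own code). Shows the unescaped rendering pattern
// behind issue9351 next to the escaped version, plus a small check that can
// be used in a regression test.

// The five characters that can change HTML structure or terminate a quoted
// attribute value. Escaping them is sufficient for text nodes and for
// double-quoted attribute values.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Escape a value for interpolation into HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the record name is inserted verbatim, both as an
// attribute value and as element text. Markup inside the name is rendered.
function renderLabelUnsafe(record) {
  return '<span class="record" title="' + record.name + '">' +
    record.name + '</span>';
}

// Fixed pattern: the same template, with every untrusted value escaped once
// for the HTML context it is placed in.
function renderLabelSafe(record) {
  const name = escapeHtml(record.name);
  return '<span class="record" title="' + name + '">' + name + '</span>';
}

// Regression check: returns true when an untrusted value that contains
// markup-significant characters still appears verbatim in the rendered
// fragment, i.e. when it was not escaped.
function leaksMarkup(rendered, untrustedValue) {
  const value = String(untrustedValue);
  const hasSpecial = /[&<>"']/.test(value);
  return hasSpecial && rendered.includes(value);
}

// Constructed sample record: the name carries tags and quotes the way a
// user-supplied value might. It is a demonstration value, not a real record.
const SAMPLE_RECORD = { id: 42, name: 'Acme <b>Ltd</b> & "Sons"' };

// Stand-alone usage: compare the two renderings.
console.log('unsafe:', renderLabelUnsafe(SAMPLE_RECORD));
console.log('safe:  ', renderLabelSafe(SAMPLE_RECORD));
console.log('unsafe leaks markup:', leaksMarkup(renderLabelUnsafe(SAMPLE_RECORD), SAMPLE_RECORD.name));
console.log('safe leaks markup:  ', leaksMarkup(renderLabelSafe(SAMPLE_RECORD), SAMPLE_RECORD.name));
```

In a DOM-based client the equivalent fix is to set untrusted values through a text-setting API (for instance jQuery's `.text()` or the DOM's `textContent`) rather than building HTML strings, so the browser never parses the user data as markup; the `leaksMarkup` check above is only useful where strings are still assembled by hand.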

Impact

CVSS v3.0 Base Score: 4.6

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None

Workaround

There is no existing workaround.

Resolution

All affected users should upgrade sao to the latest version.
Affected versions per series:

  • 5.6: <= 5.6.0
  • 5.4: <= 5.4.6
  • 5.2: <= 5.2.14
  • 5.0: <= 5.0.22

Non affected versions per series:

  • 5.6: >= 5.6.1
  • 5.4: >= 5.4.7
  • 5.2: >= 5.2.15
  • 5.0: >= 5.0.23

Reference

Concern?

Any security concerns should be reported on the bug-tracker at
https://bugs.tryton.org/ with the type security.