Synopsis
A vulnerability in sao has been found by Cédric Krier.
With issue9394, the web client does not escape the HTML tags from user data. This allows cross-site scripting attacks which can result in session hijacking, persistent phishing attacks, and persistent external redirects to a malicious source.
Impact
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: Low
- Integrity: Low
- Availability: None
Workaround
There is no existing workaround.
Resolution
All affected users should upgrade sao
to the latest version.
Affected versions per series:
- 5.6: <= 5.6.3
- 5.4: <= 5.4.9
- 5.2: <= 5.2.17
- 5.0: <=5.0.25
Non affected versions per series:
- 5.6: >= 5.6.4
- 5.4: >= 5.4.10
- 5.2: >= 5.2.18
- 5.0: >= 5.0.26
Reference
Concern?
Any security concerns should be reported on the bug-tracker at
https://bugs.tryton.org/ with the type security
.