Security Release for issue9405

Synopsis

A vulnerability in sao has been found by Coopengo and solved by Nicolas Évrard.

With issue 9405, the web client does not escape the HTML tags from user data in richtext widgets. This allows cross-site scripting attacks which can result in session hijacking, persistent phishing attacks, and persistent external redirects to a malicious source.

Impact

CVSS v3.0 Base Score: 4.6

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None

Workaround

There is no existing workaround.

Resolution

All affected users should upgrade sao to the latest version.
Affected versions per series:

  • 5.6: <= 5.6.3
  • 5.4: <= 5.4.9
  • 5.2: <= 5.2.17
  • 5.0: <=5.0.25

Non affected versions per series:

  • 5.6: >= 5.6.4
  • 5.4: >= 5.4.10
  • 5.2: >= 5.2.18
  • 5.0: >= 5.0.26

Reference

Concern?

Any security concerns should be reported on the bug-tracker at
https://bugs.tryton.org/ with the type security .