Synopsis
A vulnerability in sao has been found by Cédric Krier.
With issue 9453, the web client does not escape the HTML tags from user data in translated richtext
widgets. This allows cross-site scripting attacks which can result in session hijacking, persistent phishing attacks, and persistent external redirects to a malicious source.
Impact
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: Low
- Integrity: Low
- Availability: None
Workaround
There is no existing workaround.
Resolution
All affected users should upgrade sao
to the latest version.
Affected versions per series:
- 5.6: <= 5.6.4
- 5.4: <= 5.4.10
- 5.2: <= 5.2.18
- 5.0: <=5.0.26
Non affected versions per series:
- 5.6: >= 5.6.5
- 5.4: >= 5.4.11
- 5.2: >= 5.2.19
- 5.0: >= 5.0.27
Reference
Concern?
Any security concerns should be reported on the bug-tracker at
https://bugs.tryton.org/ with the type security
.