漏洞标题
"特里克斯"在复制与粘贴功能上存在跨站脚本(XSS)漏洞
漏洞描述信息
Trix编辑器,在2.1.4版本之前,存在跨站脚本(XSS)漏洞,当用户粘贴恶意代码时。这个漏洞绕过了用于修复GHSA-qjqp-xr96-cj99的补丁。在合并请求1149中,对具有`text/html`内容类型的Trix附件添加了清理功能。然而,Trix只在粘贴事件的`dataTransfer`对象上检查内容类型。只要`dataTransfer`具有`text/html`的类型,Trix就会解析其内容并创建一个带有这些内容的`Attachment`对象,即使附件本身并不具有`text/html`的内容类型。Trix然后使用附件内容来设置附件元素的`innerHTML`。攻击者可以通过诱骗用户复制并粘贴可以执行用户会话上下文中任意JavaScript代码的恶意代码,从而导致未经授权的操作被执行或敏感信息泄露。这个漏洞在2.1.4版本中得到了修复。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
漏洞类别
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
漏洞标题
Trix has a Cross-Site Scripting (XSS) vulnerability on copy & paste
漏洞描述信息
The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments with a `text/html` content type. However, Trix only checks the content type on the paste event's `dataTransfer` object. As long as the `dataTransfer` has a content type of `text/html`, Trix parses its contents and creates an `Attachment` with them, even if the attachment itself doesn't have a `text/html` content type. Trix then uses the attachment content to set the attachment element's `innerHTML`. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's session, potentially leading to unauthorized actions being performed or sensitive information being disclosed. This vulnerability was fixed in version 2.1.4.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
漏洞类别
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
漏洞标题
Trix 安全漏洞
漏洞描述信息
Trix是Basecamp开源的一个适用于日常写作的丰富文本编辑器。 Trix 2.1.4之前版本存在安全漏洞,该漏洞源于存在跨站脚本,攻击者可以诱骗用户复制和粘贴恶意代码,然后在用户会话的上下文中执行任意JavaScript代码,从而导致执行未经授权的操作或泄露敏感信息。
CVSS信息
N/A
漏洞类别
其他