Bug 10856

Summary: XSS, Reflected content on download page
Product: Websites
Reporter: Bas V <bitternine>
Component: www.mageia.org
Assignee: Romain d'Alverny <rdalverny>
Status: RESOLVED FIXED
QA Contact:
Severity: major
Priority: Normal
CC: atelier-bugs, rdalverny
Version: trunk
Keywords: Atelier, Security
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM:
CVE:
Status comment:

Description Bas V 2013-07-27 16:44:09 CEST
An XSS vulnerability is present in the download, PoC below. It seems that the XSS is only present in the download page. Somebody with malicious intentions could spread a link to let people download a malicious version of Mageia and, like in the PoC, it could list a wrong checksum with it. Common browsers do not filter HTML only (~no scripts are used), so the PoC should work on every browser.

POC: http://www.mageia.org/en/downloads/get/?q=test%3C%2Fpre%3EThe%20you%20can%20find%20the%20default%20distro%3Ca%20href%3D%22http%3A%2F%2Fexample%2Ecom%22%3E%20here%20%3C%2Fa%3E%3Cbr%3Ethe%20checksum%20of%20this%20iso%20is%3Add7b696b96434d2bf07b34f9c125d51d%3Cstyle%3Evisibility%3Ahidden
Bas V 2013-07-27 16:44:41 CEST

CC: (none) => rdalverny

Romain d'Alverny 2013-07-27 22:48:10 CEST

Keywords: (none) => Atelier, Security
Status: NEW => ASSIGNED
CC: (none) => atelier-bugs
Assignee: atelier-bugs => rdalverny

Comment 1 Romain d'Alverny 2013-07-27 23:10:15 CEST
Thank you for the report.

Fixed in http://svnweb.mageia.org/web?view=revision&revision=2694 (better filtering the GET params + rephrasing the query for debug data) and released in production.

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
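
The class of fix described in comment 1, as an added example that is not the code from the Mageia repository or from revision 2694: the PoC value is parsed, reflected the unsafe way, then rendered with an allow-list filter plus output encoding. Assumptions: `q` is echoed inside a `<pre>` debug block (inferred from the PoC's leading `</pre>`), and the `SAFE_Q` pattern and all function names are hypothetical.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# PoC link copied from the report above.
POC_URL = (
    "http://www.mageia.org/en/downloads/get/?q=test%3C%2Fpre%3EThe%20you%20can"
    "%20find%20the%20default%20distro%3Ca%20href%3D%22http%3A%2F%2Fexample%2Ecom"
    "%22%3E%20here%20%3C%2Fa%3E%3Cbr%3Ethe%20checksum%20of%20this%20iso%20is%3A"
    "dd7b696b96434d2bf07b34f9c125d51d%3Cstyle%3Evisibility%3Ahidden"
)
# Assumption: a legitimate q is a file-name-like token, so an allow-list fits.
SAFE_Q = re.compile(r"[A-Za-z0-9._-]{1,128}")


def get_q(url):
    """Return the decoded q parameter of url, or '' when it is absent."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_unsafe(q):
    """'Before' behaviour: the raw value is concatenated into the markup."""
    return "<pre>q = " + q + "</pre>"


def render_safe(q, allow=SAFE_Q):
    """Drop values outside the allow-list, then HTML-encode on output anyway."""
    if allow is not None and not allow.fullmatch(q):
        q = ""  # reject instead of trying to repair hostile input
    return "<pre>q = " + html.escape(q, quote=True) + "</pre>"


def start_tags(markup):
    """List the element start tags an HTML parser sees in markup."""
    seen = []
    parser = HTMLParser()
    parser.handle_starttag = lambda tag, attrs: seen.append(tag)
    parser.feed(markup)
    parser.close()
    return seen


if __name__ == "__main__":
    q = get_q(POC_URL)
    print("unsafe:", start_tags(render_unsafe(q)))
    print("encode only:", start_tags(render_safe(q, allow=None)))
    print("filter + encode:", render_safe(q))
```

Output encoding alone already keeps the injected link and `<style>` from becoming elements; the allow-list additionally stops the attacker's text from appearing on the page at all.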