Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 13 Sep 2015 02:14:29 +0900
From: mala <mala@...la>
To: oss-security@...ts.openwall.com
Subject: CVE request: Flash based XSS in FileAPI.flash.swf

Hello,

Please assign a CVE ID to this.

FileAPI https://github.com/mailru/FileAPI
- fixed in 2.0.15 https://github.com/mailru/FileAPI/releases/tag/2.0.15
- https://github.com/mailru/FileAPI/pull/342

summary:
Cross-site scripting (XSS) vulnerability in FileAPI.flash.swf related
to the "ExternalInterface.call" function.
Arbitrary javascript code execution is possible on the domain hosting swf file.

This is similar to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8992
https://github.com/mailru/FileAPI/pull/228

but another attack vector.
Probably, all older versions are affected by XSS.
At least mailru/FileAPI version 1.1.0 contains vulnerable code.

references:

major library that include FileAPI.flash.swf

jquery.fileapi https://github.com/RubaXa/jquery.fileapi
- fixed in 0.4.11 https://github.com/RubaXa/jquery.fileapi/releases/tag/0.4.11

ng-file-upload https://github.com/danialfarid/ng-file-upload
- fixed in 7.1.0
https://github.com/danialfarid/ng-file-upload/releases/tag/7.1.0
- https://github.com/danialfarid/ng-file-upload/issues/997

and CMS/Web framework that uses jquery.fileapi, ng-file-upload

https://github.com/search?l=json&q=jquery.fileapi&ref=searchresults&type=Code
https://github.com/search?l=json&q=ng-file-upload&type=Code

--
ma.la

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ