[CKAN-Security] a CKAN security vulnerability
浅蓝
blue at ixsec.org
Mon Jan 8 07:15:01 UTC 2018
Hello, I found an XSS vulnerability while using CKAN.
The specific operation is as follows.
1. Add dataset.
2. Next. Click "Link".
3. Input XSS payload.
4. Click URL link.
Looking forward to your reply.