[CKAN-Security] a CKAN security vulnerability

David Read david.read at hackneyworkshop.com
Mon Jan 8 14:19:07 UTC 2018


Thanks for the alert. However I believe the scheme is checked in all
current versions of CKAN, and 'javascript:' is not linked. What version of
CKAN are you running?

David

On 8 January 2018 at 07:15, 浅蓝 <blue at ixsec.org> wrote:

> Hello, I found an XSS vulnerability while using CKAN.
>
> The specific operation is as follows.
>
> 1. Add dataset
>
> 2. Next, click "Link"
>
> 3. Input XSS payload.
>
> 4. Click URL link
>
> Looking forward to your reply.
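
The kind of check the reply above refers to, a scheme allowlist applied before a user-supplied URL is rendered as a link, as an added example. This is not CKAN's code and not part of the original thread; the function names, the allowed-scheme set and the sample URLs are assumptions constructed for illustration.

```python
import html
import re

# Assumption for this example: only these schemes are rendered as links.
ALLOWED_SCHEMES = {"http", "https"}

_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
_C0_AND_SPACE = "".join(map(chr, range(0x21)))  # U+0000 .. U+0020


def normalize(url):
    """Clean a URL the way a browser does before it parses the scheme."""
    # Browsers drop tab/CR/LF anywhere in the URL and strip leading and
    # trailing C0 controls and spaces, so "java\tscript:" is "javascript:".
    return re.sub(r"[\t\r\n]", "", url).strip(_C0_AND_SPACE)


def url_scheme(url):
    """Return the lowercased scheme of the normalized URL, or None."""
    match = _SCHEME_RE.match(normalize(url))
    return match.group(1).lower() if match else None


def render_resource_url(url):
    """Return an <a> element for allowed schemes, escaped plain text otherwise."""
    cleaned = html.escape(normalize(url), quote=True)
    if url_scheme(url) in ALLOWED_SCHEMES:
        return '<a href="{0}" rel="noopener noreferrer">{0}</a>'.format(cleaned)
    # Disallowed or missing scheme: show the value, but never as a link.
    return "<span>{}</span>".format(cleaned)


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        "https://example.org/data.csv",
        "javascript:void(0)",
        "JaVaScRiPt:void(0)",
        " \x01java\tscript:void(0)",
        "data:text/html,<b>x</b>",
        "/dataset/relative-path",
    ]
    for sample in samples:
        print(repr(sample), "->", render_resource_url(sample))
```
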

