Gossamer Forum
Home : Gossamer Threads Inc. : Official Bug Fixes :

[Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability

Quote Reply
[Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
A minor XSS vulnerability was recently found in the Links SQL 2.x and GLinks 3.0.0 templates. The vulnerability allows someone to generate urls, which if visited by a user, can disclose information such as cookie data.

Versions affected:
Gossamer Links 3.0.0
Links SQL 2.x

Versions not affected:
Gossamer Links 3.0.1 and higher

Solution:
For Gossamer Links 3.0.0 users, upgrade to 3.0.1 (or the current latest version) and merge the changes into your customised templates (see the template diffs). For Links SQL 2.x users (or users still using 2.x templates), you must update your templates to html escape input. To do this you must edit all the templates and change any places where template tags are used as element attribute values. When updating your templates, there are 3 things that need updating:

1) <input ... value="<%template_var%>">
2) <frame ... src="<%template_var%>">
3) <textarea><%template_var%></textarea>

These need to be changed to:

1) <input ... value="<%escape_html template_var%>">
2) <frame ... src="<%escape_html template_var%>">
3) <textarea><%escape_html template_var%></textarea>

If your directory does not allow html in any link info (eg. link descriptions, reviews, etc) then you can not modify your templates and just add an option to GT::Template to html escape all variables. To do this, edit admin/Links.pm (it's on a different line depending on the version you have installed) in "sub user_page", before it calls GT::Template->parse(...), add the following line:
Code:
$opts->{escape} = 1;

Adrian

Last edited by:

brewt: Oct 14, 2005, 12:42 AM
Subject Author Views Date
Thread [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability brewt 38914 Apr 21, 2005, 2:03 PM
Thread Post deleted by Alba
Alba 38226 Apr 22, 2005, 3:01 AM
Post Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
Andy 38204 Apr 22, 2005, 3:17 AM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
pugdog 38180 Apr 22, 2005, 6:55 AM
Thread Re: [pugdog] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 38190 Apr 22, 2005, 12:32 PM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
Alba 38141 Apr 26, 2005, 7:34 AM
Thread Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 38110 Apr 26, 2005, 4:28 PM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
Alba 38123 Apr 27, 2005, 1:03 AM
Thread Re: [Alba] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 38150 Apr 27, 2005, 1:08 AM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
pugdog 38097 Apr 27, 2005, 6:46 AM
Thread Re: [pugdog] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 38108 Apr 27, 2005, 11:13 AM
Post Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
webmaster33 38080 Apr 28, 2005, 5:18 AM
Thread Re: [brewt] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
eljot 33862 May 5, 2008, 11:43 PM
Post Re: [eljot] [Links SQL 2.x/GLinks 3.0.0] Minor XSS Vulnerability
brewt 33799 May 5, 2008, 11:59 PM