Bug 49001 - Cross Site Scripting (XSS) in UDM via crafted LDAP RDNs
Summary: Cross Site Scripting (XSS) in UDM via crafted LDAP RDNs
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: UMC - Domain management (Generic)
Version: UCS 5.2
Hardware: Other Linux
: P5 normal
Target Milestone: UCS 5.2-1-errata
Assignee: Dirk Wiesenthal
QA Contact: Iván.Delgado
URL:
Keywords:
Depends on:
Blocks: 58785 58267 58268
Reported: 2019-03-14 21:31 CET by Florian Best
Modified: 2025-11-05 17:43 CET (History)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Customer ID:
Max CVSS v3 score: 6.2 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N)


Attachments
Screenshot (80.99 KB, image/png)
2019-03-14 21:31 CET, Florian Best

Description Florian Best univentionstaff 2019-03-14 21:31:00 CET
Created attachment 9927 [details]
Screenshot

# udm container/cn create --set name='<span onmouseover="alert(document.cookie)">foo</span>'
Object created: cn=\<span onmouseover\=\"alert(document.cookie)\"\>foo\</span\>,dc=dev,dc=local

→ Open the LDAP Directory
At least three vulnerable places: 1. the tree; 2. the Search-Grid; 3. the Remove dialog.

The detail page of this object and subobjects of it seem to be okay.
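The rendering defect behind the report, as an added example that is not code from the report or from univention-web: the DN printed by the CLI carries LDAP (RFC 4514) backslash escapes, but once the RDN value is decoded for display it is the original markup again, so it must be HTML-escaped before it reaches the tree, grid or dialog. Function names (`firstRdnValue`, `unsafeLabel`, `safeLabel`) are assumed for illustration.

```javascript
// Added example, not the UDM/univention-web implementation. Decodes the first
// RDN value of an LDAP DN and shows the unescaped versus HTML-escaped rendering.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five HTML-significant characters so the value renders as text.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Return the raw attribute value of the first RDN of `dn`. Handles RFC 4514
// escapes: "\," yields a literal comma, "\<" a literal "<", and "\2C" a
// single-byte hex escape (multi-byte UTF-8 sequences are not reassembled here).
function firstRdnValue(dn) {
  const eq = dn.indexOf('=');
  if (eq < 0) throw new Error('not a DN: ' + dn);
  let out = '';
  for (let i = eq + 1; i < dn.length; i++) {
    const ch = dn[i];
    if (ch === '\\') {
      const hex = dn.slice(i + 1, i + 3);
      if (/^[0-9A-Fa-f]{2}$/.test(hex)) { out += String.fromCharCode(parseInt(hex, 16)); i += 2; }
      else { out += dn[i + 1]; i += 1; }
    } else if (ch === ',' || ch === '+') {
      break; // an unescaped separator ends this RDN
    } else {
      out += ch;
    }
  }
  return out;
}

// Vulnerable pattern: the decoded RDN value is concatenated into markup, so the
// LDAP escaping that looked protective in the CLI output is already gone.
function unsafeLabel(dn) {
  return '<span class="label">' + firstRdnValue(dn) + '</span>';
}

// Hardened pattern: HTML-escape the decoded value before interpolation.
function safeLabel(dn) {
  return '<span class="label">' + escapeHtml(firstRdnValue(dn)) + '</span>';
}

// Constructed DN, matching the one the UDM CLI printed in the report above.
const REPORTED_DN = 'cn=\\<span onmouseover\\=\\"alert(document.cookie)\\"\\>foo\\</span\\>,dc=dev,dc=local';
```

A check of this kind (decoded RDN value does not reach the DOM as markup) covers the three places the report names, since all three render the object name rather than the DN string.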
Comment 3 Dirk Wiesenthal univentionstaff 2025-05-14 10:37:53 CEST
univention-web.yaml
635713314fd2 | Bug #49001: Fix various Cross Site Scripting (XSS) vulnerabilities in UDM via crafted LDAP RDNs and other attributes

univention-web (6.0.9-4)
635713314fd2 | Bug #49001: Fix various Cross Site Scripting (XSS) vulnerabilities in UDM via crafted LDAP RDNs and other attributes

univention-management-console-module-udm.yaml
635713314fd2 | Bug #49001: Fix various Cross Site Scripting (XSS) vulnerabilities in UDM via crafted LDAP RDNs and other attributes

univention-management-console-module-udm (12.0.9)
635713314fd2 | Bug #49001: Fix various Cross Site Scripting (XSS) vulnerabilities in UDM via crafted LDAP RDNs and other attributes
Comment 4 Iván.Delgado univentionstaff 2025-05-14 13:30:54 CEST
QA:
 Code review: OK
 Detail page: OK
 Tree view: OK
 Delete dialog: OK
 Advisory: OK
 Test: OK