Bug 58268 - Cross Site Scripting (XSS) in UDM via crafted LDAP RDNs
Summary: Cross Site Scripting (XSS) in UDM via crafted LDAP RDNs
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: UMC - Domain management (Generic)
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.0-10-errata
Assignee: Dirk Wiesenthal
QA Contact: Iván.Delgado
URL:
Keywords:
Depends on: 49001
Blocks: 58267
Reported: 2025-05-13 16:01 CEST by Dirk Wiesenthal
Modified: 2025-05-14 15:04 CEST (History)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Customer ID:
Max CVSS v3 score: 6.2 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N)
Description Dirk Wiesenthal univentionstaff 2025-05-13 16:01:24 CEST
Cloned for 5.0-10

+++ This bug was initially created as a clone of Bug #49001 +++

# udm container/cn create --set name='<span onmouseover="alert(document.cookie)">foo</span>'
Object created: cn=\<span onmouseover\=\"alert(document.cookie)\"\>foo\</span\>,dc=dev,dc=local

→ Open the LDAP Directory
At least three vulnerable places: 1. the tree; 2. the Search-Grid; 3. the Remove dialog.

The detail page of this object and subobjects of it seem to be okay.
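The safe way to show such an RDN in a tree node, grid cell or dialog is to unescape the LDAP value and then HTML-escape it (or assign it via textContent) before it reaches the DOM. The following is an added example, not Univention's code and not the actual fix; it assumes the RFC 4514 DN escaping visible in the report and handles only ASCII `\HH` escapes.

```javascript
// Added example (not from the bug or the UMC code base): render an LDAP RDN
// value as inert text for a web UI instead of interpreting it as HTML.

// Unescape one RFC 4514 attribute value: "\x" -> "x", "\HH" -> byte 0xHH.
// Assumption: only ASCII hex pairs are needed for this demonstration.
function unescapeRdnValue(value) {
  let out = '';
  for (let i = 0; i < value.length; i++) {
    const c = value[i];
    if (c !== '\\') { out += c; continue; }
    const pair = value.substr(i + 1, 2);
    if (/^[0-9A-Fa-f]{2}$/.test(pair)) {
      out += String.fromCharCode(parseInt(pair, 16));
      i += 2;
    } else if (i + 1 < value.length) {
      out += value[i + 1];           // escaped special char: , = + < > # ; " \ space
      i += 1;
    } else {
      throw new Error('dangling backslash in RDN value');
    }
  }
  return out;
}

// Split a DN at unescaped commas into { type, value } RDNs (leaf first).
function parseDn(dn) {
  const rdns = [];
  let cur = '';
  for (let i = 0; i < dn.length; i++) {
    if (dn[i] === '\\') { cur += dn[i] + dn[i + 1]; i++; continue; }
    if (dn[i] === ',') { rdns.push(cur); cur = ''; continue; }
    cur += dn[i];
  }
  rdns.push(cur);
  return rdns.map((rdn) => {
    const eq = rdn.indexOf('=');     // the type never contains '=' and escaped '=' is "\="
    return { type: rdn.slice(0, eq), value: unescapeRdnValue(rdn.slice(eq + 1)) };
  });
}

// Escape the five HTML-significant characters before any innerHTML use.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Label for a tree node or grid cell: the leaf RDN value, HTML-escaped.
function renderTreeLabel(dn) {
  return escapeHtml(parseDn(dn)[0].value);
}

// Constructed sample: the DN printed by "udm container/cn create" above.
const SAMPLE_DN = 'cn=\\<span onmouseover\\=\\"alert(document.cookie)\\"\\>foo\\</span\\>,dc=dev,dc=local';
```

For the sample DN, renderTreeLabel returns `&lt;span onmouseover=&quot;alert(document.cookie)&quot;&gt;foo&lt;/span&gt;`, which a browser displays literally instead of attaching the handler.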
Comment 1 Dirk Wiesenthal univentionstaff 2025-05-14 10:37:02 CEST
univention-web.yaml
d6aa3a5013f0 | Bug #58268: Fix various Cross Site Scripting (XSS) vulnerabilities in UDM via crafted LDAP RDNs and other attributes

univention-web (4.0.10-4)
d6aa3a5013f0 | Bug #58268: Fix various Cross Site Scripting (XSS) vulnerabilities in UDM via crafted LDAP RDNs and other attributes

univention-management-console-module-udm.yaml
d6aa3a5013f0 | Bug #58268: Fix various Cross Site Scripting (XSS) vulnerabilities in UDM via crafted LDAP RDNs and other attributes

univention-management-console-module-udm (10.0.13-2)
d6aa3a5013f0 | Bug #58268: Fix various Cross Site Scripting (XSS) vulnerabilities in UDM via crafted LDAP RDNs and other attributes
Comment 2 Iván.Delgado univentionstaff 2025-05-14 11:56:08 CEST
QA:
 Code review: OK
 Detail page: OK
 Tree view: OK
 Delete dialog: OK
 Advisory: OK
 Test: OK