Vulnerable to XSS

Question

Vulnerable to XSS

ngyikp opened this issue 4 years ago · comments

Inspired by https://twitter.com/_r3ggi/status/1265629984753844225

I did a quick check with <img src=1 onerror=document.documentElement.textContent=window.location>.ipa and looks like the XSS works:

Evgeny Aleksandrov · Answer 1 · Mon Jul 20 2020 20:36:31 GMT+0800 (China Standard Time)

Looks like it's already resolved by Apple? I'm on macOS 10.15.6.

Evgeny Aleksandrov · Answer 2 · Sun Aug 23 2020 16:26:32 GMT+0800 (China Standard Time)

I managed to find machine with macOS 10.15.4, reproduce and fix this issue 🙂
Fix applied in f8c75d8 - add XML escaping for file name.
Released as 1.6.2.

macOS 10.15.4, ProvisionQL 1.6.1:

macOS 10.15.4, ProvisionQL 1.6.2: