oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request: Flash based XSS in FileAPI.flash.swf

From: mala <mala () ma la>
Date: Sun, 13 Sep 2015 02:14:29 +0900
Hello,

Please assign a CVE ID to this.

FileAPI https://github.com/mailru/FileAPI
- fixed in 2.0.15 https://github.com/mailru/FileAPI/releases/tag/2.0.15
- https://github.com/mailru/FileAPI/pull/342

summary:
Cross-site scripting (XSS) vulnerability in FileAPI.flash.swf related
to the "ExternalInterface.call" function.
Arbitrary javascript code execution is possible on the domain hosting swf file.

This is similar to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8992
https://github.com/mailru/FileAPI/pull/228

but another attack vector.
Probably, all older versions are affected by XSS.
At least mailru/FileAPI version 1.1.0 contains vulnerable code.

references:

major library that include FileAPI.flash.swf

jquery.fileapi https://github.com/RubaXa/jquery.fileapi
- fixed in 0.4.11 https://github.com/RubaXa/jquery.fileapi/releases/tag/0.4.11

ng-file-upload https://github.com/danialfarid/ng-file-upload
- fixed in 7.1.0
https://github.com/danialfarid/ng-file-upload/releases/tag/7.1.0
- https://github.com/danialfarid/ng-file-upload/issues/997

and CMS/Web framework that uses jquery.fileapi, ng-file-upload

https://github.com/search?l=json&q=jquery.fileapi&ref=searchresults&type=Code
https://github.com/search?l=json&q=ng-file-upload&type=Code

--
ma.la
Previous By Date Next
Previous By Thread Next

Current thread: