[kde] [Bug 423020] New: Using wifi SSID with xss vectors result in wifi not rendering
advaith
bugzilla_noreply at kde.org
Mon Jun 15 17:12:50 BST 2020
https://bugs.kde.org/show_bug.cgi?id=423020
Bug ID: 423020
Summary: Using wifi SSID with xss vectors result in wifi not
rendering
Product: kde
Version: unspecified
Platform: Other
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: unassigned-bugs at kde.org
Reporter: advaith.madhukar at gmail.com
Target Milestone: ---
SUMMARY
Using wifi name with xss vectors result in wifi not rendering
STEPS TO REPRODUCE
1. set wifi SSID to something like <svg/onload=alert('XSS')>
2. open the connect menu in panel.
OBSERVED RESULT
SSID will not be displayed.
EXPECTED RESULT
SSID will be displayed/
SOFTWARE/OS VERSIONS
Linux/KDE Plasma: openSUSE tumbleweed/Arch linux
KDE Plasma Version: 5.19
KDE Frameworks Version: 5.79.0
Qt Version: 5.15
ADDITIONAL INFORMATION
his is similar to XSS attacks in web-browsers where the dom parser misses XSS
vectors. the issue was not present in the previous version of plasma.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Unassigned-bugs
mailing list