Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1nNmY1LTR3NDMtMng2M84AA8jL

ScnSocialAuth Cross-site Scripting vulnerability in login redirect param

ScnSocialAuth version 1.15.2 has been released and includes a security for this vulnerability. Fix has been applied in https://github.com/SocalNick/ScnSocialAuth/commit/4a00966c41bc37251586d007564c5c891eba3700

Affected versions

All versions below 1.15.2 are affected. dev-master is fixed starting from https://github.com/SocalNick/ScnSocialAuth/commit/4a00966c41bc37251586d007564c5c891eba3700

Exploits

Because of missing escaping of the URL param redirect a XSS attack is possible.
For example: Setting the redirect param to "><a%20href="http://github.com">GitHub.com</a><inpu%20type="hidden"%20" would result in a link added to the login page.

Resolution

If you are using any version of ScnSocialAuth below 1.15.2 please upgrade immediately by running composer update.

Permalink: https://github.com/advisories/GHSA-g6f5-4w43-2x63
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nNmY1LTR3NDMtMng2M84AA8jL
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 6 months ago
Updated: 6 months ago

CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-g6f5-4w43-2x63
References:

• https://github.com/socalnick/scnsocialauth/issues/184
• https://github.com/SocalNick/ScnSocialAuth/commit/4a00966c41bc37251586d007564c5c891eba3700
• https://github.com/FriendsOfPHP/security-advisories/blob/master/socalnick/scn-social-auth/2015-01-15.yaml
• https://github.com/advisories/GHSA-g6f5-4w43-2x63

Repository: https://github.com/socalnick/scnsocialauth
Blast Radius: 12.0

Affected Packages