Hello,
We are using a paid version of this product and found DOM-based vulnerabilities in it.
DOM-based vulnerabilities arise when a client-side script reads data from a controllable part of the DOM (for example, the URL) and processes this data in an unsafe way.
DOM-based cross-site scripting arises when a script writes controllable data into the HTML document in an unsafe way. An attacker may be able to use the vulnerability to construct a URL that, if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application.
For example:
Data is read from location.href and passed to the 'append()' function of jQuery via the following statements:
- grid_url=location.href.replace('form=add','')+"&grid_id="+grid_id;
- jQuery(el).parent() …d_url+ "\");' />" )
in jqgrid_dist.php
Possible remediations:
- Alter the output builder function in jqgrid_dist.php to write the URL in the generated content rather than 'location.href'. jqgrid_dist.php outputs JavaScript that then generates the URL on the client side, rather than finalizing the element content on the server side.
Let us know if the latest version of this product has this fixed, or we would like to know a solution or a fix from your side.
Thanks and Regards
Thanks for reporting. Currently this feature to show the add form when the URL contains form=add is rarely used.
To avoid this vulnerability risk, you can simply remove these lines. Your suggestion to put a server-side generated URL is also doable, but it will need some more testing time.
Search: location.href.replace in jqgrid_dist.php
And remove this block of 2 lines, 3 occurrences in the file:
if (…)
… location.href.replace ….
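An added example (not code from the report above or from the jqGrid PHP product) of the hardened client-side pattern the reporter's remediation points at: the grid URL is rebuilt from parsed components instead of string-replacing 'form=add' out of location.href, and it is escaped before being concatenated into markup. The input element and its data-grid-url attribute are stand-ins, since the real element in jqgrid_dist.php is not shown in the thread.

```javascript
// Added example, not jqgrid_dist.php code. Hardened version of building "grid_url"
// on the client: the URL is rebuilt from parsed parts rather than produced by
// location.href.replace('form=add',''), and it is escaped for the HTML attribute
// context before any string concatenation reaches jQuery's append().

// Rebuild the URL: drop the `form` parameter, set `grid_id`, keep the rest.
// `new URL()` throws on malformed input instead of returning a mangled string,
// and `toString()` re-serialises the query percent-encoded.
function buildGridUrl(href, gridId) {
  const url = new URL(href);
  url.searchParams.delete('form');
  url.searchParams.set('grid_id', gridId);
  return url.toString();
}

// Escape a value for use inside a double- or single-quoted HTML attribute.
// `&` is handled first so later replacements are not double-escaped.
function escapeHtmlAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Stand-in for the markup the grid appends; only the escaped URL reaches the
// attribute. The element and attribute names are hypothetical.
function buildAddButtonMarkup(href, gridId) {
  const safeUrl = escapeHtmlAttr(buildGridUrl(href, gridId));
  return '<input type="button" value="Add" data-grid-url="' + safeUrl + '" />';
}

// Constructed sample page URL: carries the `form=add` trigger plus a parameter
// whose value contains a double quote, which would terminate an attribute if copied raw.
const SAMPLE_HREF = 'https://app.example.invalid/admin.php?page=users&form=add&q=a"b';

console.log(buildGridUrl(SAMPLE_HREF, 'grid7'));
console.log(buildAddButtonMarkup(SAMPLE_HREF, 'grid7'));
```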