Hi team
Summary
A probable Stored XSS is present in formcreator via the use of ##FULLFORM## for rendering.
PoC
1 - As admin : create a form with a question classic text field.
2 - As admin : as target description templating description use "##FULLFORM##"
3 - As user : fill the form with the payload : "><img src=x onerror="alert(1337)" x=x>
4 - As admin : Go to the newly created ticket : https://mysuperglpi.fr/front/ticket.form.php?id=704
Impact
Arbitrary JavaScript code execution in admin/tech context.
Temporary workaround
Use a regex to remove < > "
on all fields ...
Sorry for my English,
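The following is an added example, not formcreator's own code (the plugin is PHP; this is a stand-alone Python model of the same rendering step). It assumes a hypothetical target template containing ##FULLFORM## and a constructed set of answers that includes the payload from the PoC above. It renders the block three ways (unescaped, with the regex workaround from the report, and with proper HTML escaping) and runs a small check that lists any tag in the output that did not come from the template, which is the kind of check a reviewer can use to confirm a fix.

```python
import html
import re

# Hypothetical target description template; the real one is configured in formcreator.
TEMPLATE = "<p>New request:</p>##FULLFORM##"

# Constructed sample answers; the second value is the payload quoted in the report.
ANSWERS = {
    "Subject": "Printer broken",
    "Details": '"><img src=x onerror="alert(1337)" x=x>',
    "Comparison": 'if a < b then "ok"',
}

# Tags the renderer itself emits for the form block; anything else is unexpected.
ALLOWED_TAGS = {"p", "b", "br"}
TAG_RE = re.compile(r"<\s*/?\s*([A-Za-z][\w-]*)")
STRIP_RE = re.compile(r'[<>"]')


def _rows(answers, transform):
    """Format label/value pairs after applying `transform` to both parts."""
    return "<br>".join(
        "<b>%s</b>: %s" % (transform(label), transform(value))
        for label, value in answers.items()
    )


def render_unescaped(template, answers):
    """Vulnerable variant: answers are substituted verbatim into the template."""
    return template.replace("##FULLFORM##", _rows(answers, lambda s: s))


def render_regex_strip(template, answers):
    """The report's temporary workaround: delete < > " from every field.
    It blocks this payload but also destroys legitimate content."""
    return template.replace("##FULLFORM##", _rows(answers, lambda s: STRIP_RE.sub("", s)))


def render_escaped(template, answers):
    """Fix: HTML-escape each answer (quotes included) at output time, so the
    data survives intact and cannot close an attribute or open a tag."""
    return template.replace(
        "##FULLFORM##", _rows(answers, lambda s: html.escape(s, quote=True))
    )


def unexpected_tags(rendered):
    """Return tag names present in `rendered` that the template did not produce.
    Useful as a regression check on the rendered ticket description."""
    found = {m.group(1).lower() for m in TAG_RE.finditer(rendered)}
    return sorted(found - ALLOWED_TAGS)


if __name__ == "__main__":
    for name, fn in (("unescaped", render_unescaped),
                     ("regex strip", render_regex_strip),
                     ("escaped", render_escaped)):
        out = fn(TEMPLATE, ANSWERS)
        print("%-12s unexpected tags: %s" % (name, unexpected_tags(out)))
        print("   ", out)
```

Running the block shows that only the unescaped rendering yields an unexpected `img` tag; the regex variant has none but turns `if a < b then "ok"` into `if a  b then ok`, while the escaped variant keeps that text readable and reduces the payload to inert `&lt;img ...&gt;` markup.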