Author longwenzhang
Recipients longwenzhang
Date 2019-09-21.02:17:29
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
It's "Lib/" in python2x or "Lib/xmlrpc/" in python3x.

Steps to reproduce:

1.Lib/ is “a documenting XML-RPC Server“,In the Class ServerHTMLDoc, method markup(), will escape the Special symbols to safe(such as <," etc).
2.But it only escape the content from server.set_server_name() and server.set_server_documentation(),the "title" content from the server.set_server_title() will not be escaped, so if I set_server_title('123</title><script>alert(1)</script>'), it will cause XSS because not escaped.
3.I see the alert in Chrome by visiting,the Poc is the in python2.7) in attachments.
4.Problems seems to be at "return,documentation)".Before this line,variable "documentation" has been escaped but self.server_title not.This is the main cause.
Date User Action Args
2019-09-21 02:17:30longwenzhangsetrecipients: + longwenzhang
2019-09-21 02:17:30longwenzhangsetmessageid: <>
2019-09-21 02:17:30longwenzhanglinkissue38243 messages
2019-09-21 02:17:29longwenzhangcreate