Viewing 4 posts - 1 through 4 (of 4 total)
  • #22356
    LifeTimer
    Participant

    I just updated to the most recent EmEditor, and got a nasty surprise when trying to use my usual filter macro in cell mode – it now removes lines that it should not remove, i.e. the filter functionality has been broken!

    Here is a proof of concept for reproduction of the bug:
    ——————————————————————————

    Input CSV file:

    1,/cgi-bin/listserv/wa.exe?SHOWTPL=<script>alert(/openvas-xss-test/)</script>
    2,abcd
    3,/scripts/wa.exe?SHOWTPL=<script>alert(/openvas-xss-test/)</script>

    Source code of the macro that is executed on it (while CSV mode is active, and the string “openvas” is selected in the editor window):

    if(document.CellMode)
    {
    	document.Filter(document.selection.Text, document.selection.GetActivePointX(eePosCell), eeFindKeepPrevious);
    }
    else
    {
    	document.Filter(document.selection.Text, 0, eeFindKeepPrevious);
    }

    The expected result is that only line 2 should be filtered away, leaving lines 1 and 3 visible, BUT instead line 3 is also removed, leaving only line 1 visible!

    NOTE: This bug only seems to happen in Cell mode (CSV in my case), but NOT in normal document mode even if using the exact same document contents, which may be an important fact for your bug reproduction/debugging!

    What makes me even more scared is that if I remove the “<script>” and “</script>” parts from the cell contents, it works as expected again, so this might even be some kind of unintended script execution vulnerability/bug in EmEditor or similar (similar to cross-site scripting on web pages)!

    Could you please take a look at this as soon as possible, since it is breaking my entire use case for EmEditor, and may even be some kind of security vulnerability!?

    #22360
    Yutaka Emura
    Keymaster

    Hello,

    I just want to confirm, but are you using the latest version of EmEditor (v17.1.1)?

    Thanks,

    #22361
    Yutaka Emura
    Keymaster

    I reproduced the issue on the latest version, and it will be fixed in the next version.
    By the way, this issue has existed for a long time, since v16.2 or v16.5.

    Thanks,

    #22363
    LifeTimer
    Participant

    Thanks!
