
CVE-2020-15231: XSS in Mapfish Print relating to JSONP support

CVSS Score: 9.3 (CVSS version 3.1)

Basic Information

EPSS Score: 0.53729%
Published: 7/7/2020
Updated: 1/9/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| org.mapfish.print:print-lib | maven | < 3.24 | 3.24 |
| org.mapfish.print:print-servlet | maven | < 3.24 | 3.24 |
| org.mapfish.print:print-standalone | maven | < 3.24 | 3.24 |

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stemmed from JSONP support that allowed untrusted 'jsonp' callback parameters to be reflected in responses without proper sanitization. The commit 89155f2 explicitly removed JSONP support by deleting all references to 'jsonpCallback' parameters and related response-wrapping logic in these methods. The functions were vulnerable because they directly incorporated user-controlled input into JavaScript contexts without encoding, enabling cross-site scripting attacks via malicious callback names.
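
The reflection pattern described above, next to a checked variant, as an added illustration that is not Mapfish Print code (the project's fix removed JSONP support entirely rather than validating the parameter). The class, method names, length limit and sample values are hypothetical and constructed for this example.

```java
import java.util.regex.Pattern;

public class JsonpCallbackCheck {
    // Assumption: a legitimate callback is a dotted JavaScript identifier path.
    private static final Pattern SAFE_CALLBACK =
            Pattern.compile("[A-Za-z_$][A-Za-z0-9_$]*(\\.[A-Za-z_$][A-Za-z0-9_$]*)*");
    private static final int MAX_LEN = 64; // assumed limit, not taken from the project

    /** Unsafe pattern: the request parameter is copied into script output as-is. */
    static String wrapUnsafe(String callback, String json) {
        return callback + "(" + json + ");";
    }

    /** Checked variant: anything that is not a plain identifier path is rejected. */
    static String wrapChecked(String callback, String json) {
        if (callback == null || callback.length() > MAX_LEN
                || !SAFE_CALLBACK.matcher(callback).matches()) {
            throw new IllegalArgumentException("invalid JSONP callback name");
        }
        // A leading empty comment keeps the first bytes of the body out of
        // the caller's control, a common JSONP hardening step.
        return "/**/" + callback + "(" + json + ");";
    }

    public static void main(String[] args) {
        String json = "{\"status\":\"finished\"}"; // constructed sample body
        String[] samples = {                       // constructed callback values
            "handleReport", "app.handlers.onReport", "cb);alert(1);//", "<script>"
        };
        for (String cb : samples) {
            System.out.println("unsafe : " + wrapUnsafe(cb, json));
            try {
                System.out.println("checked: " + wrapChecked(cb, json));
            } catch (IllegalArgumentException e) {
                System.out.println("checked: rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

The first two samples pass the check and the last two are rejected, while `wrapUnsafe` emits all four verbatim into the script body.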
