[XPORTER-2955] Stored XSS via Xporter configuration properties - Xblend Issue Tracker

Xporter

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Release 6.2.4
Fix Version/s: Release 6.3.0
Component/s: Permission Schemes, Security
Labels:
- security_vulnerability_medium

Sprint:
R6.3.0 Sprint 3
Requirement Status:
OK
- 1

Description

Xporter must be prepared to lead with XSS Atack.

Cross-site scripting attacks occur when you manage to sneak a script (usually javascript) onto someone else's website, where it can run maliciously.
XSS is possible when you have user input into a web site. For instance, if I was filling out a web form, and it asked me for templates description, I could enter:

Template Description: "<svg/onload=alert(1)>"

Attachments

Issue Links

mentioned in: Page Loading...

Activity

People

Assignee:: Rui Rodrigues

Reporter:: Rui Rodrigues

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 04/Dec/19 2:05 PM

Updated:: 29/Apr/20 4:25 PM

Resolved:: 29/Apr/20 4:25 PM

Time Tracking

Estimated:

Remaining:

Logged:

3d 7h 40m