[XPORTER-3518] Stored XSS on Process Manager by User Name field value (Data Center) - Xblend Issue Tracker

Xporter

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 6.6.3
Component/s: Security
Labels:
- security_vulnerability_medium

Sprint:
JIRAXPORTER 2020 Sprint 3
Requirement Status:
OK
- 1

Description

After install Xporter for server. go to Process Manager Taps. The main objective of this page is to give the Admin the possibility to see export Process and mange this exported Process. So if attacker make a user privilege change account name to XSS Payload then go to issues, click in Xporter and click in export. Now any Admin's go to Process Manager_ the XSS Payload is reflected in the victim's browser

Attachments

Issue Links

links to

Bug Crowd Submission

Activity

People

Assignee:: Rui Rodrigues

Reporter:: Rui Rodrigues

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 21/Oct/20 1:48 PM

Updated:: 30/Oct/24 8:52 AM

Resolved:: 23/Nov/20 3:36 PM

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1d 1h