Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Done
-
R3.6.2, R3.3.6
Description
It is possible to inject and execute any HTML (including JavaScript) in the Test Repository page.
Â
Steps to reproduce:
- Create a folder named: <img src="nop" onerror="alert(1)">
- When clicking Enter after the name change, the alert popup will appear
Attachments
Issue Links
- is implemented by
-
XRAY-4692 XSS vulnerabilities in Test Run page
- Closed