[XRAY-3909] JS is being injected in the Test Repository page - Xblend Issue Tracker

Xporter

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: R3.6.2, R3.3.6
Fix Version/s: R3.5.5
Component/s: Security
Labels:
- security_vulnerability_medium

Requirement Status:
OK
- 1

Description

It is possible to inject and execute any HTML (including JavaScript) in the Test Repository page.

Steps to reproduce:

Create a folder named: <img src="nop" onerror="alert(1)">
When clicking Enter after the name change, the alert popup will appear

Attachments

Issue Links

is implemented by

XRAY-4692 XSS vulnerabilities in Test Run page

Closed

Activity

People

Assignee:: Diamantino Campos

Reporter:: Hugo Braz [X] (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 08/Apr/19 11:59 AM

Updated:: 09/Apr/20 11:38 AM

Resolved:: 09/Apr/20 11:38 AM