[XRAY-6395] Stored XSS in "Test Run Assignee & Executed by" in "Test Execution Page" - Xblend Issue Tracker

Xporter

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: 4.1.4
Fix Version/s: 4.1.6
Component/s: Security
Labels:
- ignore_ait
- security_vulnerability_medium

Sprint:
XRAY 2020 Sprint 4
Requirement Status:
OK
- 1

Description

Steps:

Go to profile > Edit fullname or username to <script>alert("XSS")</script>
Create a test case > Execute this test case > Go to Execution detail: http://192.168.10.100:8080/secure/XrayExecuteTest!default.jspa?testExecIssueKey=<testExecIssueKey>&testIssueKey=<testIssueKey>
Click to Assignee > XSS will be trigged.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

image-2020-09-01-12-11-41-355.png
87 kB
01/Sep/20 12:11 PM

Activity

People

Assignee:: Diamantino Campos

Reporter:: Diamantino Campos

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 01/Sep/20 12:11 PM

Updated:: 29/Oct/24 10:28 AM

Resolved:: 21/Oct/20 3:13 PM

Time Tracking

Estimated:

Not Specified

Remaining:

0m

Logged:

3h