[XRAY-7118] XSS vulnerability in the Test Run page at the Cucumber step results - Xblend Issue Tracker

Xporter

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: 4.2.7
Fix Version/s: 4.2.9
Component/s: Security, Test Run Review, User Interface
Labels:
- security_vulnerability_medium

Sprint:
XRAY 2021 Sprint 3, XRAY 2021 Sprint 4
Requirement Status:
OK
- 1

Description

Due to a XSS vulnerability, it's possible to inject JS code into the HTML code of the Test Run page, when importing Cucumber execution results.

Steps to reproduce

Step	Result
Inject the <script> in the error message - Cucumber Execution report
Import the Execution report
Go to the Test Run page and expand the cucumber steps clicking on the blue triangle

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

CucResultsDoc.json
3 kB
04/Feb/21 10:57 PM
image-2021-02-04-22-49-37-286.png
18 kB
04/Feb/21 10:49 PM
image-2021-02-04-22-50-07-855.png
63 kB
04/Feb/21 10:50 PM
image-2021-02-04-22-53-36-636.png
85 kB
04/Feb/21 10:53 PM

Activity

People

Assignee:: Isabel Moreira

Reporter:: Miguel Fernandes

Votes:: 1 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 04/Feb/21 10:55 PM

Updated:: 26/Feb/21 2:00 PM

Resolved:: 15/Feb/21 1:31 PM

Time Tracking

Estimated:

Not Specified

Remaining:

0m

Logged:

1d 1h 30m