Reflected XSS in the System Notifications administration resource


    • Type: Bug
    • Resolution: Fixed
    • Priority: High
    • 5.0
    • Affects Version/s: 4.2.1
    • Component/s: None

      The System Notifications administration resource is vulnerable to reflected XSS through the URL used to address the resource and any included parameters.
      For example:
      1. http://localhost:8085/admin19279%27%20+%20alert%281%29%20+%27//904/viewSystemNotifications.action
      2. http://localhost:8085/admin/viewSystemNotifications.action?6d413'-alert(2)-'1d8d2bc2b4b=1
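The quote-and-operator shape of both URLs suggests the request URL ends up inside a single-quoted JavaScript string. The following added example (not code from the report or the affected product) assumes that sink and compares unencoded output with JavaScript-string encoding; all function and variable names are hypothetical.

```javascript
// Added example, not code from the reported product.
// Assumption: the page writes the decoded request URL into a single-quoted
// JavaScript string literal; the report does not name the sink.

// Vulnerable form: the URL is concatenated with no output encoding.
function renderUnsafe(requestUrl) {
  return "var currentUrl = '" + requestUrl + "';";
}

// Hardened form: every non-alphanumeric UTF-16 code unit becomes \uXXXX, so
// quotes, backslashes, "<" and line terminators cannot end the literal.
function escapeJsString(value) {
  return value.replace(/[^A-Za-z0-9]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

function renderSafe(requestUrl) {
  return "var currentUrl = '" + escapeJsString(requestUrl) + "';";
}

// True when the rendered statement is still one string literal followed by
// ";", i.e. the input did not close the quote early.
function literalIsIntact(script) {
  const prefix = "var currentUrl = '";
  if (!script.startsWith(prefix)) return false;
  let i = prefix.length;
  while (i < script.length) {
    const ch = script[i];
    if (ch === "\\") { i += 2; continue; }         // skip the escaped character
    if (ch === "\n" || ch === "\r") return false;  // raw newline breaks a literal
    if (ch === "'") return script.slice(i + 1) === ";";
    i += 1;
  }
  return false; // literal never terminated
}

// Path and query of the two URLs in the report, percent-decoded (assumed to
// match what the server-side template receives).
const reported = [
  decodeURIComponent("/admin19279%27%20+%20alert%281%29%20+%27//904/viewSystemNotifications.action"),
  "/admin/viewSystemNotifications.action?6d413'-alert(2)-'1d8d2bc2b4b=1",
];

function audit(urls) {
  return urls.map((u) => ({
    unsafeIntact: literalIsIntact(renderUnsafe(u)),
    safeIntact: literalIsIntact(renderSafe(u)),
  }));
}
console.log(audit(reported));
```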

              Assignee:
              Unassigned
              Reporter:
              David Black