Links from indexbrowser.jsp are vulnerable to XSS attacks

XMLWordPrintable

      CONF-16888 has introduced or re-introduced an XSS vulnerability.

      To reproduce:

      • Create a new user, and for the Full Name use: 
        <script>alert('Vulnerable')</script>
      • Go to ../admin/indexbrowser.jsp and find the entry
      • Click on the entry, and the script is executed.

      This also happens for other content types.

        1. viewdocument.jsp
          2 kB

            Assignee:
            Anatoli
            Reporter:
            Mark Hrynczak (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: