Cross Site Scripting vulnerability allows injecting HTML code into table edits

XMLWordPrintable

    • 1
    • Severity 3 - Minor
    • 0

      Issue Summary

      Cross Site Scripting vulnerability allows injecting HTML code into table edits

      Steps to Reproduce

      • Edit a page
      • Then access the Insert macro 'Info' option.
      • A new window will open, in which the Preview option must be selected. With the help of an intermediate proxy such as burp suite, the request is intercepted.
      • The request is then modified by including HTML or CSS code in the body attribute.
      • After the modifications, the results can be seen in the application

      Expected Results

      The results should not be seen

      Actual Results

      The results are seen

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

              Assignee:
              Navaz Sayyed (Inactive)
              Reporter:
              Avik H
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: