[TIME-290] Few persisted XSS

Issue #290 resolved
Andriy Zhdanov created an issue

I've found a few persisted XSS in the plugin; all are listed below.

In report configuration screen:

  • Priorities selection (to reproduce create priority named '<script>alert(1)</script>')
  • Filter selection (to reproduce save filter as '<script>alert(2)</script>')

In worklog details: worklog comment (to reproduce, set the worklog comment to '<b>test</b>'; comments are limited to 15 characters, so I'm not sure how dangerous this is).

This must be fixed and released in order to install the new version of this plugin in OnDemand.

By amierzwicki/Aleksander Mierzwicki on Tue, 16 Oct 2012 08:22:59 -0700
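
An added regression check, not the plugin's code and not taken from the issue or from commit 169755, sketching in Python what the fix has to achieve: HTML-escape priority and filter names in the report configuration options, and escape the worklog comment only after its 15-character limit has been applied. The rendering functions and the sample names are constructed assumptions modelled on the reproduction steps above.

```python
import html

# Constructed sample inputs based on the reporter's reproduction steps
# (not real Jira data).
PRIORITY_NAMES = ["Blocker", "<script>alert(1)</script>"]
FILTER_NAMES = ["My open issues", "<script>alert(2)</script>"]
WORKLOG_COMMENT = "<b>test</b>"
WORKLOG_COMMENT_LIMIT = 15  # the 15-character limit mentioned in the report


def escape(text: str) -> str:
    """HTML-escape untrusted text for element content and attribute values."""
    return html.escape(text, quote=True)


def render_options_unsafe(names):
    """Pre-fix behaviour (assumed): names are interpolated verbatim, so a
    priority or filter named '<script>...</script>' becomes live markup."""
    return "".join(f'<option value="{n}">{n}</option>' for n in names)


def render_options(names):
    """Fixed behaviour: escape every user-controlled name in both the
    attribute value and the element body."""
    return "".join(
        f'<option value="{escape(n)}">{escape(n)}</option>' for n in names
    )


def render_worklog_comment(comment, limit=WORKLOG_COMMENT_LIMIT):
    """Truncate first, then escape, so the limit never splits an entity."""
    return escape(comment[:limit])


def render_worklog_comment_wrong_order(comment, limit=WORKLOG_COMMENT_LIMIT):
    """Escaping before truncating can cut '&lt;' in half and leave a stray
    '&l' in the page; shown only for contrast with the function above."""
    return escape(comment)[:limit]


def leaked_names(rendered_html, names):
    """Regression check: return the user-controlled names that contain
    HTML-significant characters and still appear verbatim in the output."""
    return [
        n for n in names
        if any(c in n for c in '<>"&') and n in rendered_html
    ]
```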

Comments (2)

  1. Andriy Zhdanov reporter

    I've fixed that and committed it as 169755. Can you release a new version with that fix included?

    We wanted to install 2.3.6 in OnDemand but we've found those XSS so we decided to wait until those are released.

    By amierzwicki on Tue, 16 Oct 2012 08:27:08 -0700
