Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #7819 Persistent XSS in trove categories
    Actions
    Infos
    #7819
    Thomas Gerbet (tgerbet)
    2015-03-04 16:22
    2015-01-30 17:32
    7826
    Details
    Persistent XSS in trove categories

    A persistent XSS could be injected in trove categories.

    Impact

    An attacker could use this vulnerability to force a victim to execute uncontrolled code.
    CVSS2 score : 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)

    Exploitation

    Create or edit a trove category and put <script>alert(1)</script> in the category full name.

    References

    https://cwe.mitre.org/data/definitions/79.html
    https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29

    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2015-02-05
    Attachments
    Artifact links
    Empty
    Empty
    References
    Referencing request #7819

    Artifact Tracker v5

    rel #7843 7.11

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/86/3586/2' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD d033d68568
    User avatar Benjamin Dauton (bdauton_enalean) , 2015-02-05 14:41
    request #7819: Fix persistent XSS in trove categories 87b0bb60a8
    User avatar Thomas Gerbet (tgerbet) , 2015-02-05 12:32
    request #7819: Fix persistent XSS in trove categories f0727b0dc0
    User avatar Thomas Gerbet (tgerbet) , 2015-03-02 11:08
    Referenced by request #7819

    Other

    gerrit #3586
    Display settings

    Follow-ups