Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #7847 Persistent XSS in project sidebar
    Actions
    Infos
    #7847
    Thomas Gerbet (tgerbet)
    2015-03-04 16:22
    2015-02-05 15:19
    7854
    Details
    Persistent XSS in project sidebar

    A persistent XSS could be injected into the sidebar of a project.

    Impact

    An attacker could use this vulnerability to force a victim to execute uncontrolled code.
    CVSS2 score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)

    Exploitation

    As a project admin create or edit a service and put "><script>alert(1)</script><" in the service link.

    References

    https://cwe.mitre.org/data/definitions/79.html
    https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29

    Project admin
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2015-03-02
    Attachments
    Artifact links
    Empty
    Empty
    References
    Referencing request #7847

    Artifact Tracker v5

    rel #7843 7.11

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/14/3614/1' of ssh://gerrit.tuleap.net:29418/tuleap into tuleap-stable-master 9432362741
    User avatar Manuel Vacelet (vaceletm) , 2015-03-02 13:37
    request #7847: Fix persistent XSS in project sidebar fc2f874a74
    User avatar Thomas Gerbet (tgerbet) , 2015-02-06 11:12
    request #7847: Fix persistent XSS in project sidebar f61d2de423
    User avatar Thomas Gerbet (tgerbet) , 2015-02-24 13:29
    Referenced by request #7847

    Other

    gerrit #3614
    Display settings

    Follow-ups

    User avatar
    Manuel Vacelet (vaceletm)2015-03-02 13:46
    Merged in 7.10.99.59
    • Status changed from Under review to Closed
    • Close date set to 2015-03-02