request #3165 XSS vulnerability with BookMark

Artifact

Infos

Artifact ID#3165

Submitted byMohamed Amin Doghri (doghrim)

Last Modified On2013-04-25 10:46

Submitted on2013-04-18 12:33

Rank2006

Details

Summary *

XSS vulnerability with BookMark

Original Submission

Js code is interpreted by navigator when put in Bookmark Title.

To reproduce :

Login in tuleap

Click on "BookMark this page"

Click on "Edit this bookmark"

In BookMark title put this string: "<script type="text/javascript">alert('test')</script>"

Return to your personal page

You will get an alert

CategoryOther

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toMohamed Amin Doghri (doghrim)

StatusClosed

Close date2013-04-25

Attachments

Connected artifacts

Artifact links

Empty

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Referencing request #3165

Release

release #52

Follow-ups

Nicolas Terray (nterray)

2013-04-25 10:46

Merged in the upcoming Tuleap 6. Thanks for your contribution!

Status changed from Under implementation to Closed
Close date set to 2013-04-25
Platform set to
Is an Enhancement or an internal improvement? set to

Mohamed Amin Doghri (doghrim)

2013-04-23 16:10

Review here:
http://reviews.tuleap.net/r/334/

Status changed from New to Under implementation

Public

Artifact links

Reverse artifact links

Referencing request #3165

Release

Follow-ups