request #3261 XSS vulnerability in Docman

Infos

Artifact ID#3261

Submitted byMohamed Amin Doghri (doghrim)

Last Modified On2013-05-07 18:24

Submitted on2013-05-02 17:38

Rank2081

Details

Summary *

XSS vulnerability in Docman

Original Submission

Js code is interpreted by navigator when put in URL.

To reproduce :

Login in tuleap

Go to : https://tuleap.net/plugins/docman/?group_id=101&action=show&id=421&report=Tree"onmouseover="alert(255)"

You will get an alert(255) if you overfly document links

CategoryDoc/Documentation manager

Reported in versionEmpty

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listDenis PILAT (denis_pilat), Ahmed HOSNI (hosniah)

Stage

Assigned toMohamed Amin Doghri (doghrim)

StatusClosed

Close date2013-05-07

Attachments

Connected artifacts

Artifact links

Empty

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

References list is empty

Follow-ups

Nicolas Terray (nterray)

2013-05-07 18:24

Available in Tuleap 6.0.99.1

Status changed from Under implementation to Closed
Close date set to 2013-05-07
Is an Enhancement or an internal improvement? set to

Mohamed Amin Doghri (doghrim)

2013-05-03 12:40

Review on :

http://reviews.tuleap.net/r/335/

Status changed from Verified to Under implementation

Yannis ROSSETTO (rossettoy)

2013-05-02 18:13

Ok, thanks. we will review your submission.

Mohamed Amin Doghri (doghrim)

2013-05-02 18:10

I have already fix it in local.

I will push the fix.

Thank you Yannis

Yannis ROSSETTO (rossettoy)

2013-05-02 17:57

Hello,

I reproduce the bug. We will have a look on it quickly !

Category set to Doc/Documentation manager
Status changed from New to Verified
Platform set to