      request #39689 XSS in the HTML mail content of the cross reference field
    Infos
    #39689
    Thomas Gerbet (tgerbet)
    2024-10-14 09:37
    2024-09-17 15:40
    41310
    Details
    XSS in the HTML mail content of the cross reference field

    The content of the cross reference field is not properly escaped in mail notifications.

    Impact

    A site administrator could create an artifact link type whose forward label allows execution of uncontrolled code (or at least content injection) in a mail client.

    CVSSv3.1 score: 4.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L)
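
The class of bug described above, shown as an added example that is not Tuleap's own code: an HTML mail fragment built by string concatenation, next to a version that escapes every dynamic value at output. The function names, the array shape and the sample data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: escape a value for HTML text and quoted-attribute contexts.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable shape: the administrator-defined forward label reaches the mail body as-is.
function renderCrossReferencesUnsafe(string $forward_label, array $references): string
{
    $items = '';
    foreach ($references as $ref) {
        $items .= '<li><a href="' . $ref['url'] . '">' . $ref['title'] . '</a></li>';
    }
    return '<h3>' . $forward_label . '</h3><ul>' . $items . '</ul>';
}

// Hardened shape: label, title and URL are all escaped where they are written out.
function renderCrossReferencesSafe(string $forward_label, array $references): string
{
    $items = '';
    foreach ($references as $ref) {
        // Only http(s) URLs become links; anything else is rendered as plain text.
        $title = esc($ref['title']);
        $items .= preg_match('#^https?://#i', $ref['url']) === 1
            ? '<li><a href="' . esc($ref['url']) . '">' . $title . '</a></li>'
            : '<li>' . $title . '</li>';
    }
    return '<h3>' . esc($forward_label) . '</h3><ul>' . $items . '</ul>';
}

// Constructed sample data: a forward label that carries markup.
$label = 'Fixed in <h1 title="x">injected</h1>';
$refs  = [['title' => 'art #123', 'url' => 'https://tuleap.example/artifact/123']];

$unsafe = renderCrossReferencesUnsafe($label, $refs);
$safe   = renderCrossReferencesSafe($label, $refs);

// Regression check (PHP 8+): the label's markup must not survive as a tag.
if (!str_contains($unsafe, '<h1') || str_contains($safe, '<h1')) {
    throw new RuntimeException('forward label was not escaped in the HTML mail body');
}
echo $safe, PHP_EOL; // label is emitted as &lt;h1 title=&quot;x&quot;&gt;injected&lt;/h1&gt;
```
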

    References

    CWE 79
    OWASP Cross-site Scripting
    CVE-2024-46980

    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2024-09-17
    Follow-ups

    Thomas Gerbet (tgerbet) 2024-09-18 10:24

    CVE-2024-46980 has been assigned to this issue.