•  
      request #7744 Non persistent XSS in search and login form
    Infos
    #7744
    Thomas Gerbet (tgerbet)
    2015-03-04 16:22
    2015-01-06 15:25
    7706
    Details
    Non persistent XSS in search and login form

    Non persistent XSS could be injected in search modules (common and fulltextsearch) via the parameter words and into the login form via the parameter return_to.

    Impact

    An attacker could use these vulnerabilities to force a victim to execute uncontrolled code. The return_to parameter could also be used to redirect a victim to a untrusted website.
    CVSS2 score : 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

    References

    http://cwe.mitre.org/data/definitions/79.html
    https://cwe.mitre.org/data/definitions/601.html

    Empty
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2015-01-09
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    Merged in Tuleap 7.9.99.14

    • Status changed from Under review to Closed
    • Close date set to 2015-01-09
    User avatar
    Thomas Gerbet (tgerbet)2015-01-07 13:54
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes