•  
      request #7819 Persistent XSS in trove categories
    Infos
    #7819
    Thomas Gerbet (tgerbet)
    2015-03-04 16:22
    2015-01-30 17:32
    7825
    Details
    Persistent XSS in trove categories

    A persistent XSS could be injected in trove categories.

    Impact

    An attacker could use this vulnerability to force a victim to execute uncontrolled code.
    CVSS2 score : 2.1 (AV:N/AC:H/Au:S/C:N/I:P/A:N)

    Exploitation

    Create or edit a trove category and put <script>alert(1)</script> in the category full name.

    References

    https://cwe.mitre.org/data/definitions/79.html
    https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29

    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2015-02-05
    Attachments
    Empty
    References

    Follow-ups