Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #7849 XSS in dev mode
    Actions
    Infos
    #7849
    Thomas Gerbet (tgerbet)
    2015-03-04 16:22
    2015-02-06 12:31
    7855
    Details
    XSS in dev mode

    SQL requests are not correctly escaped when displayed in dev mode. A XSS could be injected everywhere a data input is used in a SQL request.

    Impact

    An attacker could use this vulnerability to force a victim to execute uncontrolled code.
    CVSS2 score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)

    Exploitation

    The dev mode should be activated to exploit this vulnerability. You could, for example, search <script>alert(1)</script>.

    References

    https://cwe.mitre.org/data/definitions/79.html
    https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29

    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2015-03-02
    Attachments
    Artifact links
    Empty
    Empty
    References
    Referencing request #7849

    Artifact Tracker v5

    rel #7843 7.11

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/15/3615/2' of ssh://gerrit.tuleap.net:29418/tuleap into tuleap-stable-master b70371a89e
    User avatar Manuel Vacelet (vaceletm) , 2015-03-02 13:34
    request #7849: Fix XSS in development mode f9691a1ae0
    User avatar Thomas Gerbet (tgerbet) , 2015-02-06 13:16
    request #7849: Fix XSS in development mode c963cd8ea3
    User avatar Thomas Gerbet (tgerbet) , 2015-02-24 13:14

    Release

    release #102
    Referenced by request #7849

    Other

    gerrit #3615
    Display settings

    Follow-ups

    User avatar
    Manuel Vacelet (vaceletm)2015-03-02 13:46
    Merged in 7.10.99.59
    • Status changed from Under review to Closed
    • Close date set to 2015-03-02