[AMQ-4397] XSS vulnerability in scheduled.jsp - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 5.8.0
Fix Version/s: 5.9.0
Component/s: None
Labels:
None

Description

If string like * * * * *<script>alert(1)</script> is entered into cron of a message, JS code will be executed on the scheduled.jsp page.

Attachments

Activity

People

Assignee:: Dejan Bosanac

Reporter:: Dejan Bosanac

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/Mar/13 10:14

Updated:: 23/Apr/13 08:17

Resolved:: 21/Mar/13 12:36