Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- webconsole-4.3.8
- None
Description
RunningSnail reported an XSS issue in the bundle Web Console.
After logging in, I visit the page whose URL is http://127.0.0.1:8080/system/console/bundles.
Then I click "Install/Update" and, before uploading a jar file, I change the content of the "MANIFEST.MF" in the jar file.
So when an admin visits the page, he will be affected by the stored XSS.
See attached images