Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- webconsole-4.3.8
- None
Description
Issue Summary: There is an XSS possible in the system console.
Steps to reproduce:
- Open a local instance
- Open the link http://localhost:4502/system/console/services?filter=%22onmouseover=%22alert(%27xss%27)%22 in Internet Explorer. A pop-up would come up when you mouse over the filter input box.
- Chrome would auto-flag the XSS exploit and prevent page load
Expected Behavior: The pop-up should not come up.
Attachments
Issue Links
- supercedes
  - FELIX-4746 Escape outputting filter parameter in service servlet (Closed)