[MESOS-6947] Fix pailer XSS vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.2.0
Component/s: webui
Labels:
None

Description

There exists an XSS vulnerability in pailer.html.

window.name can be set to an external domain serving js which is wrapped in <script> tags by the getJSON async call. A detailed example will follow acceptance of the patch.

Attachments

Activity

People

Assignee:: Jacob Janco

Reporter:: Jacob Janco

Shepherd:: haosdent

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18/Jan/17 23:34

Updated:: 23/Jan/17 05:44

Resolved:: 23/Jan/17 05:44