[OPENMEETINGS-1379] XSS in Chat window leading to DOS - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.1.0, 3.1.1, 3.1.2
Fix Version/s: 3.1.2, 3.2.0, 4.0.0
Component/s: UI
Labels:
- security

Flags:

Important
External issue URL:
https://om.alteametasoft.com/openmeetings/

Description

The chat window can execute XSS payloads, thus one can infect all the users who have joined the room/meeting. The XSS is persistent and that can lead to Denial of Service.

A simple popup which alerts 9 can make it hard for other user to use it.

One can check the POC by trying to log-in at the demo server provided: https://om.alteametasoft.com/openmeetings/

Attachments

Activity

People

Assignee:: Maxim Solodovnik

Reporter:: Subho Halder

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 26/Apr/16 13:00

Updated:: 01/Feb/19 14:58

Resolved:: 26/Apr/16 14:55