SonarQube issue SONAR-14642

Unescaped HTML in JSON server responses


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 8.9
    • Fix Version/s: 8.9
    • Component/s: None
    • Labels: None
    • Edition: Community
    • Production Notes: None

      Description

      The SonarQube web services could return HTML special characters (such as `<`, `>` and `&`) unescaped inside string values of JSON response bodies. The JSON itself stays valid, but a legacy browser that ignores the JSON content type and sniffs the body as HTML will render that markup, so an attacker who controls a value echoed by a web service (a project name, an issue message) gets an exploitable XSS in such browsers.

      Special HTML characters are now systematically escaped in JSON output, so no raw `<`, `>` or `&` reaches the response body.
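The escaping described above, as an added example in Java; this is not SonarQube's own code, and the class `HtmlSafeJson`, its methods and the sample payload are hypothetical. It contrasts a writer that only applies the minimum JSON escaping (quotes and backslashes) with one that additionally emits HTML-significant characters as `\uXXXX` escapes, which remain valid JSON for every parser but can never be interpreted as markup if the body is rendered as HTML. It also includes the check a practitioner would run over a captured response body.

```java
/**
 * Added example (not SonarQube code): JSON string encoding that always
 * escapes HTML-significant characters, plus a check for raw markup in a
 * response body. Class and method names are hypothetical.
 */
public final class HtmlSafeJson {

    private HtmlSafeJson() {}

    /** Minimum escaping only: valid JSON, but raw '<', '>' and '&' survive. */
    public static String quoteMinimal(String s) {
        return "\"" + s.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
    }

    /** Returns the JSON string literal (with surrounding quotes) for s, HTML-safe. */
    public static String quoteHtmlSafe(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        sb.append('"');
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '"':  sb.append("\\\""); break;
                case '\\': sb.append("\\\\"); break;
                case '\n': sb.append("\\n");  break;
                case '\r': sb.append("\\r");  break;
                case '\t': sb.append("\\t");  break;
                // HTML-significant characters: legal in a JSON string as-is, but
                // emitted as \u00XX so a browser sniffing the body as HTML sees no tag,
                // entity or attribute delimiter.
                case '<': case '>': case '&': case '\'':
                    appendUnicodeEscape(sb, c);
                    break;
                default:
                    // Control characters must be escaped per RFC 8259; U+2028/U+2029
                    // are escaped too because older JavaScript treated them as line
                    // terminators when JSON was evaluated as script.
                    if (c < 0x20 || c == 0x2028 || c == 0x2029) {
                        appendUnicodeEscape(sb, c);
                    } else {
                        sb.append(c);
                    }
            }
        }
        return sb.append('"').toString();
    }

    private static void appendUnicodeEscape(StringBuilder sb, char c) {
        sb.append("\\u").append(String.format("%04x", (int) c));
    }

    /**
     * Check to run over a captured JSON response body: true if any raw
     * HTML-significant character is present anywhere in the body.
     */
    public static boolean containsRawHtml(String jsonBody) {
        for (int i = 0; i < jsonBody.length(); i++) {
            char c = jsonBody.charAt(i);
            if (c == '<' || c == '>' || c == '&') {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed attacker-controlled value, e.g. a project name echoed by a web service.
        String payload = "<img src=x onerror=alert(document.cookie)>";

        String unsafeBody = "{\"name\":" + quoteMinimal(payload) + "}";
        String safeBody = "{\"name\":" + quoteHtmlSafe(payload) + "}";

        System.out.println("minimal escaping : " + unsafeBody
            + " (raw HTML: " + containsRawHtml(unsafeBody) + ")");
        System.out.println("html-safe escaping: " + safeBody
            + " (raw HTML: " + containsRawHtml(safeBody) + ")");
    }
}
```

Both bodies decode to the identical string in any conforming JSON parser; only the HTML-safe one is inert if a browser renders it as a document. For reference, Gson applies this kind of escaping by default and only stops when `GsonBuilder.disableHtmlEscaping()` is called; a quick audit of a code base is to grep for that call and for hand-rolled JSON writers that escape only quotes and backslashes.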


            People

            Assignee:
            zipeng.wu Zipeng Wu
            Reporter:
            wouter.admiraal Wouter Admiraal
            Votes: 0
            Watchers: 2
