Uploaded image for project: 'SonarQube'
  1. SonarQube
  2. SONAR-14668

Fix XSS via the About page

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 8.8
    • Fix Version/s: 8.9
    • Component/s: None
    • Labels:
      None
    • Edition:
      Community
    • Production Notes:
      None

      Description

      SonarQube administrators, and only them, can set an additional About text.

      Still, the DOMPurify version used is vulnerable to XSS attack and should be updated.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jeremy.davis Jeremy Davis
              Reporter:
              belen.pruvost Belén Pruvost
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved: