Uploaded image for project: 'SonarQube'
  1. SonarQube
  2. SONAR-7214

XSS injection on name of new users

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.3
    • Fix Version/s: 5.4
    • Component/s: Web
    • Labels:
      None

      Description

      All pages have XSS vulnerability when displaying user name. Example when creating or updating name :
      Joe'}; alert("Test"); window.SS = {userName: 'Joe

        Attachments

          Activity

            People

            Assignee:
            stas.vilchik Stas Vilchik (Inactive)
            Reporter:
            simon.brandhof Simon Brandhof (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Due:
              Created:
              Updated:
              Resolved: