Uploaded image for project: 'SonarQube'
  1. SonarQube
  2. SONAR-7214

XSS injection on name of new users

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.3
    • Fix Version/s: 5.4
    • Component/s: Web
    • Labels:
      None

      Description

      All pages have XSS vulnerability when displaying user name. Example when creating or updating name :
      Joe'}; alert("Test"); window.SS = {userName: 'Joe

        Attachments

          Activity

            People

            • Assignee:
              stas.vilchik Stas Vilchik (Inactive)
              Reporter:
              simon.brandhof Simon Brandhof
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Due:
                Created:
                Updated:
                Resolved: