ZABBIX BUGS AND ISSUES / ZBX-14336

Persistent XSS vulnerability in Services (IT Services)


    Details

    • Team:
      Team C
    • Sprint:
      Sprint 31, Sprint 32
    • Story Points:
      0.125

      Description

      There are multiple problems with Services (IT services):

      1. Create IT service with name "?" ) & alert(""XSS when deleted from Frontend, custom JS (alert in this PoC) is executed.
      2. IT service creation through API does not require any special permissions (as long as you can login).

      The combination of the two makes it a great place for persistent XSS attacks. Maybe we should fix the API as well, because a user without permissions can create a mess in Services.
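
The first problem in the report is an output-encoding failure. The sketch below is an added example, not Zabbix code and not part of the original report: it assumes the delete control embeds the service name in an inline `confirm()` handler (the report does not show the real markup), and every function name in it is hypothetical.

```javascript
// Assumption: the frontend renders a delete link whose inline handler
// contains the stored service name. The name then passes through two
// parsers in turn: the HTML attribute parser, then the JavaScript parser.

// Encode for an HTML attribute value.
function escapeHtmlAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Encode as a JavaScript string literal. JSON.stringify adds the quotes and
// escapes backslashes, double quotes and control characters; the second pass
// hex-escapes characters that are still meaningful to HTML or to older JS
// parsers (U+2028 / U+2029 line separators).
function toJsStringLiteral(s) {
  return JSON.stringify(String(s)).replace(/[<>&'\u2028\u2029]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Before: the name is concatenated straight into a JS string that itself
// sits inside an HTML attribute. A quote in the name ends the string or
// the attribute, and the rest of the name is parsed as code or markup.
function deleteLinkUnsafe(name) {
  return '<a href="#" onclick="return confirm(\'Delete ' + name + '?\')">Delete</a>';
}

// After: encode for the inner context (JS string) first, then for the
// outer context (HTML attribute). The order matters.
function deleteLinkSafe(name) {
  const js = 'return confirm(' + toJsStringLiteral('Delete ' + name + '?') + ')';
  return '<a href="#" onclick="' + escapeHtmlAttr(js) + '">Delete</a>';
}

// Constructed sample name containing characters both parsers care about.
const sampleName = 'O\'Brien "db" & <web>';
console.log(deleteLinkUnsafe(sampleName));
console.log(deleteLinkSafe(sampleName));
```

Keeping the name out of script entirely, for example in a `data-` attribute read by an event listener, removes the JavaScript context and leaves only the HTML attribute encoding to get right.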


            People

            Assignee:
            vjaceslavs Vjaceslavs Bogdanovs
            Reporter:
            vjaceslavs Vjaceslavs Bogdanovs