  1. ZABBIX BUGS AND ISSUES
  2. ZBX-14336

Persistent XSS vulnerability in Services (IT Services)

    Details

    • Team:
      Team C
    • Sprint:
      Sprint 31, Sprint 32
    • Story Points:
      0.125

      Description

      There are multiple problems with Services (IT services):

      1. Create IT service with name "?" ) & alert(""XSS when deleted from Frontend, custom JS (alert in this PoC) is executed.
      2. IT service creation through API does not require any special permissions (as long as you can log in).

      The combination of the two makes it a great place for persistent XSS attacks. Maybe we should fix the API as well, because a user without permissions can create a mess in Services.

            People

            • Assignee:
              vjaceslavs Vjaceslavs Bogdanovs
              Reporter:
              vjaceslavs Vjaceslavs Bogdanovs

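The first problem in the description is a stored value reaching a script context without encoding. As an added example (not Zabbix code and not part of this ticket), the sketch below assumes the service name is written into an inline `confirm()` handler on a delete link, which the ticket does not state; the function names and the sample record are constructed for illustration.

```javascript
// Added example: context-aware encoding of a stored service name.
// Assumption: the name ends up inside a JS string inside an HTML attribute.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode for an HTML attribute value or text node.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Encode as a JavaScript string literal. JSON.stringify escapes quotes,
// backslashes and control characters; the extra pass hides markup
// characters and the two line separators JSON leaves untouched.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Before: the stored name is concatenated straight into the handler.
function deleteLinkUnsafe(service) {
  return '<a href="#" onclick="return confirm(\'Delete service ' +
    service.name + '?\')">Delete</a>';
}

// After: encode for the innermost context (JS string) first,
// then for the outer one (HTML attribute).
function deleteLinkSafe(service) {
  const message = jsStringLiteral('Delete service ' + service.name + '?');
  return '<a href="#" onclick="' +
    escapeHtml('return confirm(' + message + ')') + '">Delete</a>';
}

// Return the onclick value as an HTML parser would see it after entity
// decoding, so the result of each variant can be inspected.
function decodeAttr(html) {
  const raw = html.match(/onclick="([^"]*)"/)[1];
  return raw.replace(/&(amp|lt|gt|quot|#39);/g, (m) =>
    Object.keys(HTML_ESCAPES).find((k) => HTML_ESCAPES[k] === m));
}

// Constructed sample record: a name full of quote and markup characters.
const sample = { id: 7, name: 'Web "tier" \') & <b>' };

console.log(decodeAttr(deleteLinkUnsafe(sample))); // attribute cut short by the name
console.log(decodeAttr(deleteLinkSafe(sample)));   // one intact confirm("...") call
```

With the unsafe variant the first double quote in the name ends the attribute, so everything after it is parsed as markup; with the safe variant the whole name stays inside one string literal.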