[ZBX-14337] Persistent xss in map navigation tree widget - ZABBIX SUPPORT

XML

Word

Printable

Details

Type: Defect (Security)
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 4.0.0alpha1, 4.0.0alpha2, 4.0.0alpha3
Fix Version/s: 3.4.9rc1, 4.0.0alpha6, 4.0 (plan)
Component/s: Frontend (F)
Labels:
- map
- navigation
- security
- tree
- widget
- xss

Team:
Team C
Sprint:
Sprint 28, Sprint 29, Sprint 30, Sprint 31
Story Points:
0.125

Description

There is a persistent xss in map navigation tree widget. To reproduce it, create a map navigation tree widget, add single element and set it's name to <img src="xxx" onerror="alert('xss');"/>. As a result you will get:

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

xss.png
20 kB
2018 Feb 02 14:23

Activity

People

Assignee:: Vjaceslavs Bogdanovs

Reporter:: Vjaceslavs Bogdanovs

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2018 Feb 02 14:23

Updated:: 2020 Jul 16 14:10

Resolved:: 2018 May 09 16:47