Loading...

XML

Word

Printable

Type: Defect (Security)
Resolution: Fixed
Priority: Major
Fix Version/s: 3.4.9rc1, 4.0.0alpha6, 4.0 (plan)
Affects Version/s: 4.0.0alpha1, 4.0.0alpha2, 4.0.0alpha3
Component/s: Frontend (F)
Labels:
- map
- navigation
- security
- tree
- widget
- xss

Sprint:
Sprint 28, Sprint 29, Sprint 30, Sprint 31
Story Points:
0.125

There is a persistent xss in map navigation tree widget. To reproduce it, create a map navigation tree widget, add single element and set it's name to <img src="xxx" onerror="alert('xss');"/>. As a result you will get:

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

xss.png
20 kB
2018 Feb 02 14:23

Assignee:: Vjaceslavs Bogdanovs

Reporter:: Vjaceslavs Bogdanovs

Team:: Team C

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2018 Feb 02 14:23

Updated:: 2024 Apr 10 17:18

Resolved:: 2018 May 09 16:47

Details

Description

Attachments

Attachments

Activity

People

Dates