Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-22720

Remove possibility to add html into Geomap attribution field (CVE-2023-29452)

    XMLWordPrintable

Details

    • Team B
    • Sprint 99 (Apr 2023), Sprint 100 (May 2023)
    • 1

    Description

      Currently, geomap configuration (Administration) allows using HTML in the attribution field. This should be changed in the following way:
      1. Default providers should still have static attributions with HTML (but the attribution field shouldn't be shown). Users shouldn't be able to change attribution for default providers.
      2. Custom providers should have the attribution field, but it should be rendered as text (no HTML support) and a hint about trusted sources should also be removed.

      Attachments

        Issue Links

          is duplicated by

          Defect (Security) - Discovered security vulnerabilities in Zabbix ZBX-22981 Possibility to add html code into Geomap attribution field (CVE-2023-29452)

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed
          mentioned in

          Page Loading...

          Activity

            People

              Miks.Kronkalns Miks Kronkalns
              vjaceslavs Vjaceslavs Bogdanovs
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: