[ZBX-11285] actionconf.php have Reflective XSS Created: 2016 Sep 29 Updated: 2024 Apr 10 Resolved: 2017 May 18 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Frontend (F) |
Affects Version/s: | 3.0.9rc1, 3.2.4 |
Fix Version/s: | 3.0.10rc1, 3.2.7rc1, 3.4.0alpha1 |
Type: | Incident report | Priority: | Trivial |
Reporter: | cyy | Assignee: | Unassigned |
Resolution: | Fixed | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Team: | Team A |
Sprint: | Sprint 3, Sprint 4, Sprint 5, Sprint 6, Sprint 7, Sprint 8 |
Story Points: | 0.2 |
Description |
POST /*****/maintenance.php HTTP/1.1 sid=24230519c556deb5&form_refresh=1&form=Create+maintenance+period&active_since=1467216000&active_till=1467302400&mname=&maintenance_type=0&active_since_day=30&active_since_month=06&active_since_year=2016&active_since_hour=00&active_since_minute=00&active_till_day=01&active_till_month=07&active_till_year=2016&active_till_hour=00&active_till_minute=00&description=&new_timeperiod=New&twb_groupid=5 |
Comments |
Comment by Volker Fröhlich [ 2016 Oct 13 ] |
This is the same request as in your maintenance.php ticket. Is this on purpose? |
Comment by Gregory Chalenko [ 2017 Mar 14 ] |
Fixed cookie tab value xss Fixed in: svn://svn.zabbix.com/branches/dev/ZBX-11285 r66569 |
Comment by Gregory Chalenko [ 2017 Mar 14 ] |
(1) [F] No translation string changes. iivs CLOSED |
Comment by Gregory Chalenko [ 2017 May 18 ] |
Fixed in:
|
Comment by Gregory Chalenko [ 2017 May 18 ] |
No documentation update needed. |