Team A
[ZBX-11285] actionconf.php have Reflective XSS Created: 2016 Sep 29 Updated: 2024 Apr 10 Resolved: 2017 May 18 |
|
| Status: | Closed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | Frontend (F) |
| Affects Version/s: | 3.0.9rc1, 3.2.4 |
| Fix Version/s: | 3.0.10rc1, 3.2.7rc1, 3.4.0alpha1 |
| Type: | Incident report | Priority: | Trivial |
| Reporter: | cyy | Assignee: | Unassigned |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Team: | Team A |
| Sprint: | Sprint 3, Sprint 4, Sprint 5, Sprint 6, Sprint 7, Sprint 8 |
| Story Points: | 0.2 |
| Description |
|
POST /*****/maintenance.php HTTP/1.1 sid=24230519c556deb5&form_refresh=1&form=Create+maintenance+period&active_since=1467216000&active_till=1467302400&mname=&maintenance_type=0&active_since_day=30&active_since_month=06&active_since_year=2016&active_since_hour=00&active_since_minute=00&active_till_day=01&active_till_month=07&active_till_year=2016&active_till_hour=00&active_till_minute=00&description=&new_timeperiod=New&twb_groupid=5 |
| Comments |
| Comment by Volker Fröhlich [ 2016 Oct 13 ] |
|
This is the same request as in your maintenance.php ticket. Is this on purpose? |
| Comment by Gregory Chalenko [ 2017 Mar 14 ] |
|
Fixed cookie tab value xss Fixed in: svn://svn.zabbix.com/branches/dev/ZBX-11285 r66569 |
| Comment by Gregory Chalenko [ 2017 Mar 14 ] |
|
(1) [F] No translation string changes. iivs CLOSED |
| Comment by Gregory Chalenko [ 2017 May 18 ] |
|
Fixed in:
|
| Comment by Gregory Chalenko [ 2017 May 18 ] |
|
No documentation update needed. |