[ZBX-11521] JS validation issue in media popup Created: 2016 Nov 16  Updated: 2017 May 30  Resolved: 2016 Nov 24

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Frontend (F)
Affects Version/s: None
Fix Version/s: 2.0.20rc1, 2.2.16rc1, 3.0.6rc1, 3.2.2rc1, 3.4.0alpha1

Type: Incident report Priority: Major
Reporter: Oleg Egorov (Inactive) Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: popups, xss
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

How to reproduce:
http://localhost/2.0/frontends/php/popup_media.php?dstfrm=userForm"%2Balert(12345)%2B"

Enter any value in "Send to", then submit.

Affected versions: [2.0 - 3.3]

Same vulnerability also exists in other parameters as well.

 Comments   
Comment by Oleg Egorov (Inactive) [ 2016 Nov 16 ]

RESOLVED in svn://svn.zabbix.com/branches/dev/DEV-554 r63819

Comment by Oleg Egorov (Inactive) [ 2016 Nov 16 ]

(1) No translation string changes.

gunarspujats CLOSED

Comment by Gunars Pujats (Inactive) [ 2016 Nov 23 ]

Tested

Comment by Oleg Egorov (Inactive) [ 2016 Nov 23 ]

Fixed in:

  • pre-2.0.20rc1 r63921
  • pre-2.2.16rc1 r63923
  • pre-3.0.6rc1 r63924
  • pre-3.2.2rc1 r63925
  • pre-3.3.0 (trunk) r63926
Generated at Sat May 11 05:45:54 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.