[ZBX-13261] Reflected XSS in popup form
Created: 2017 Oct 16  Updated: 2020 Jul 16  Resolved: 2017 Dec 27

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Frontend (F)
Affects Version/s: None
Fix Version/s: 2.2.21rc1, 3.0.14rc1, 3.2.11rc1, 3.4.5rc1, 3.4.5rc2, 4.0 (plan)

Type: Defect (Security) Priority: Blocker
Reporter: Vjaceslavs Bogdanovs Assignee: Gregory Chalenko
Resolution: Fixed Votes: 0
Labels: frontend, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File apos.png    
Team: Team C
Sprint: Sprint 19, Sprint 20, Sprint 21, Sprint 22
Story Points: 2

 Description   

Open a link http://monitoring.zabbix.lan/popup.php?srctbl=applications&srcfld1=name&real_hosts=1&dstfld1=application%26quot%3B)%2Balert(%26quot%3BWoooooohooooo!%20XSS!!!%26quot%3B)%2Btrim(%26quot%3B&with_applications=1&dstfrm=zbx_filter and click on any of the links.

The script is executed and we can do anything from there.
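
Added example, not part of the original report and not Zabbix's code: a constructed PHP model of how a `dstfld1` value carrying literal `&quot;` entities can break out of a JavaScript string in an `onclick` attribute, next to a form that encodes for both contexts. The handler name `setDstField()` and the way the sink is built are assumptions; the report does not show the frontend code.

```php
<?php
// Value of dstfld1 after URL decoding, copied from the link in the report.
$dstfld1 = 'application&quot;)+alert(&quot;Woooooohooooo! XSS!!!&quot;)+trim(&quot;';

// Assumed sink: the parameter becomes a JS string inside an onclick attribute.
// setDstField() is a hypothetical handler name, not a Zabbix function.

// Weak form: double_encode=false keeps entities already present in the input,
// so the attacker-supplied &quot; reaches the attribute unchanged.
function onclick_weak(string $field): string {
    $js = 'setDstField("' . $field . '");';
    return htmlspecialchars($js, ENT_QUOTES, 'UTF-8', false);
}

// Hardened form: encode for each context, innermost first.
function onclick_safe(string $field): string {
    // 1) JS string context: json_encode emits a quoted literal; the HEX flags
    //    turn <, >, &, ' and " inside the value into \uXXXX escapes.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $js = 'setDstField(' . json_encode($field, $flags) . ');';
    // 2) HTML attribute context: encode everything, existing entities included.
    return htmlspecialchars($js, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// What the JS engine receives once the HTML parser has decoded the attribute.
function as_seen_by_js(string $attr): string {
    return html_entity_decode($attr, ENT_QUOTES, 'UTF-8');
}

foreach (['weak' => 'onclick_weak', 'safe' => 'onclick_safe'] as $name => $fn) {
    $attr = $fn($dstfld1);
    echo "[$name] <a href=\"#\" onclick=\"$attr\">...</a>\n";
    echo "[$name] JS after attribute decoding: " . as_seen_by_js($attr) . "\n\n";
}
```

In the weak form the decoded handler contains a separate `alert(...)` call; in the hardened form the whole parameter stays inside one string literal.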



 Comments   
Comment by Gregory Chalenko [ 2017 Oct 19 ]

(1) No translation strings changes

vjaceslavs CLOSED

Comment by Gregory Chalenko [ 2017 Oct 19 ]

Resolved in development branch branches/dev/DEV-700-3.0

Comment by Gregory Chalenko [ 2017 Nov 28 ]

Fixed in:

  • 2.2.21rc1 r75107 r75111
  • 3.0.14rc1 r74038 r75109
  • 3.2.11rc1 r75110

Comment by Gregory Chalenko [ 2017 Nov 29 ]

Fixed in:

  • 3.4.5rc1 r75160

Comment by Gregory Chalenko [ 2017 Dec 08 ]

Fixed in:

  • 3.4.5rc2 r75622