apos.png
|
Sub-task |
Team C
[ZBX-13261] Reflected xss in popup form Created: 2017 Oct 16 Updated: 2024 Apr 10 Resolved: 2017 Dec 27 |
|
| Status: | Closed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | Frontend (F) |
| Affects Version/s: | None |
| Fix Version/s: | 2.2.21rc1, 3.0.14rc1, 3.2.11rc1, 3.4.5rc1, 3.4.5rc2, 4.0 (plan) |
| Type: | Defect (Security) | Priority: | Blocker |
| Reporter: | Vjaceslavs Bogdanovs | Assignee: | Gregory Chalenko |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | frontend, security | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
apos.png
|
||||
| Issue Links: |
|
||||
| Team: | Team C |
||||
| Sprint: | Sprint 19, Sprint 20, Sprint 21, Sprint 22 | ||||
| Story Points: | 2 | ||||
| Description |
|
Open a link http://monitoring.zabbix.lan/popup.php?srctbl=applications&srcfld1=name&real_hosts=1&dstfld1=application%26quot%3B)%2Balert(%26quot%3BWoooooohooooo!%20XSS!!!%26quot%3B)%2Btrim(%26quot%3B&with_applications=1&dstfrm=zbx_filter and click on any of the links. Script is executed and we can do anything from there. |
| Comments |
| Comment by Gregory Chalenko [ 2017 Oct 19 ] |
|
(1) No translation strings changes vjaceslavs CLOSED |
| Comment by Gregory Chalenko [ 2017 Oct 19 ] |
|
Resolved in development branch branches/dev/DEV-700-3.0 |
| Comment by Gregory Chalenko [ 2017 Nov 28 ] |
|
Fixed in:
|
| Comment by Gregory Chalenko [ 2017 Nov 29 ] |
|
Fixed in:
|
| Comment by Gregory Chalenko [ 2017 Dec 08 ] |
|
Fixed in:
|