[ZBX-14336] Persistent xss vulnerability in Services (IT Services) Created: 2017 Nov 24 Updated: 2020 Jul 16 Resolved: 2018 May 09 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Frontend (F) |
Affects Version/s: | 4.0.0alpha1 |
Fix Version/s: | 3.0.17rc1, 3.4.9rc1, 4.0.0alpha6, 4.0 (plan) |
Type: | Defect (Security) | Priority: | Major |
Reporter: | Vjaceslavs Bogdanovs | Assignee: | Vjaceslavs Bogdanovs |
Resolution: | Fixed | Votes: | 0 |
Labels: | frontend, security, xss | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Team: | Team C |
Sprint: | Sprint 31, Sprint 32 |
Story Points: | 0.125 |
Description |
There are multiple problems with Services (IT services):
Combination of two makes it a great place for persistent XSS attacks. Maybe we should fix API as well because user without permissions can create a mess in Services. |
Comments |
Comment by Vjaceslavs Bogdanovs [ 2018 Apr 12 ] |
(1) No translation strings changed. iivs CLOSED |
Comment by Vjaceslavs Bogdanovs [ 2018 Apr 16 ] |
Available in: 3.0.17rc1 r79703 Changelog was left unchanged. |