[ZBX-14337] Persistent xss in map navigation tree widget Created: 2018 Feb 02 Updated: 2024 Apr 10 Resolved: 2018 May 09 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Frontend (F) |
Affects Version/s: | 4.0.0alpha1, 4.0.0alpha2, 4.0.0alpha3 |
Fix Version/s: | 3.4.9rc1, 4.0.0alpha6, 4.0 (plan) |
Type: | Defect (Security) | Priority: | Major |
Reporter: | Vjaceslavs Bogdanovs | Assignee: | Vjaceslavs Bogdanovs |
Resolution: | Fixed | Votes: | 0 |
Labels: | map, navigation, security, tree, widget, xss | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | xss.png |
Team: | Team C |
Team: | Team C |
Sprint: | Sprint 28, Sprint 29, Sprint 30, Sprint 31 |
Story Points: | 0.125 |
Description |
There is a persistent xss in map navigation tree widget. To reproduce it, create a map navigation tree widget, add single element and set it's name to <img src="xxx" onerror="alert('xss');"/>. As a result you will get: |
Comments |
Comment by Valdis Murzins [ 2018 Apr 11 ] |
(1) [F] No translation string changes. CLOSED |
Comment by Vjaceslavs Bogdanovs [ 2018 Apr 13 ] |
Available in:
Changelog was left unchanged. |