xss.png
Team C
[ZBX-14337] Persistent xss in map navigation tree widget Created: 2018 Feb 02 Updated: 2024 Apr 10 Resolved: 2018 May 09 |
|
| Status: | Closed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | Frontend (F) |
| Affects Version/s: | 4.0.0alpha1, 4.0.0alpha2, 4.0.0alpha3 |
| Fix Version/s: | 3.4.9rc1, 4.0.0alpha6, 4.0 (plan) |
| Type: | Defect (Security) | Priority: | Major |
| Reporter: | Vjaceslavs Bogdanovs | Assignee: | Vjaceslavs Bogdanovs |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | map, navigation, security, tree, widget, xss | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
xss.png
|
| Team: | Team C |
| Team: | Team C |
| Sprint: | Sprint 28, Sprint 29, Sprint 30, Sprint 31 |
| Story Points: | 0.125 |
| Description |
|
There is a persistent xss in map navigation tree widget. To reproduce it, create a map navigation tree widget, add single element and set it's name to <img src="xxx" onerror="alert('xss');"/>. As a result you will get: |
| Comments |
| Comment by Valdis Murzins [ 2018 Apr 11 ] |
|
(1) [F] No translation string changes. CLOSED |
| Comment by Vjaceslavs Bogdanovs [ 2018 Apr 13 ] |
|
Available in:
Changelog was left unchanged. |
