Project

General

Profile

Actions

Bug #666

closed

XSS vulnerability

Added by Petr Sklenar about 13 years ago. Updated about 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Web Interface
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

version of foreman:

commit 80e0157cc452feee0855a64c15391c55ac75610e
Author: Paul Kelly <pikelly@blueyonder.co.uk>
Date:   Sun Feb 13 09:12:39 2011 +0100

    Fixes #623 - incomplete multiple builds commit

    Signed-off-by: Paul Kelly <paul.ian.kelly@googlemail.com>

steps to reproduce:
1. try to save search as : <script>alert('Vulnerable');</script>
and script is run

expected results:
no XSS

Actions #1

Updated by Ohad Levy about 13 years ago

  • Target version set to 0.2
Actions #2

Updated by Ohad Levy about 13 years ago

  • Status changed from New to Ready For Testing
  • % Done changed from 0 to 100
Actions #3

Updated by Ohad Levy about 13 years ago

  • Status changed from Ready For Testing to Closed
Actions #4

Updated by The Foreman Bot about 8 years ago

  • Description updated (diff)
  • Pull request https://github.com/theforeman/foreman/pull/3338 added
Actions #5

Updated by Ohad Levy about 8 years ago

  • Pull request deleted (https://github.com/theforeman/foreman/pull/3338)
Actions

Also available in: Atom PDF